CVE-2018-5225

EPSS 3.6%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 3.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

22 Mar 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

Affected products

Atlassian · Bitbucket Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://confluence.atlassian.com/x/3WNsO https://jira.atlassian.com/browse/BSERV-10684 http://www.securityfocus.com/bid/103488