← volver
CVE-2018-5225

CVE-2018-5225

EPSS 3.6%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 3.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
22 mar 2018Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
Productos afectados
Atlassian · Bitbucket Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://confluence.atlassian.com/x/3WNsOhttps://jira.atlassian.com/browse/BSERV-10684http://www.securityfocus.com/bid/103488