Details
Type: Bug
Status: Done
Priority: Blocker
Resolution: Fixed
Affects versions: 3.0.17, 3.0.18, 3.1, 3.1.2, 4.1, 4.1.2, 4.2.0.2, 4.2.0.3, 4.2.0.6, 4.3.0, 4.3.1, 4.3.4, 4.3.7, 4.3.8, 4.3.10, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 5.0.1, 5.0.6, 5.0.7, 5.0.9, 5.0.10, 5.0.13, 5.0.16, 5.0.17, 5.1.2, 5.1.8, 5.2.6, 5.2.10, 5.3.8, 5.3.17, 5.3.18, 5.3.31, 5.3.30, 5.3.29, 5.3.28, 5.4.4, 5.4.5, 5.4.6, 5.4.10, 5.4.18, 5.4.21, 5.4.29, 5.4.37, 5.4.41, 5.4.44, 5.4.46, 5.4.47, 5.4.48, 5.5.1, 5.5.1.1-bbs6, 5.5.1.2-bbs6, 5.5.4, 5.5.4.1-bbs6, 5.5.6, 5.5.6-bbs6, 5.6.1, 4.2.0.8
Description
A security vulnerability has been discovered in ScriptRunner for Bitbucket. The vulnerability affects all versions 3.0.17 - 5.6.1 (inclusive) of ScriptRunner for Bitbucket.
The vulnerability is classified as critical in line with Atlassian’s Security Levels.
ScriptRunner for Bitbucket Server and Data Center prior to version 5.6.3 allowed logged-in users to create and execute scripts without the correct privileges being applied, by sending a specially crafted request. This could mean that a user can escalate their privileges and execute arbitrary code.