
    Details

    • Type: Bug
    • Status: Done
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.0.17, 3.0.18, 3.1, 3.1.2, 4.1, 4.1.2, 4.2.0.2, 4.2.0.3, 4.2.0.6, 4.3.0, 4.3.1, 4.3.4, 4.3.7, 4.3.8, 4.3.10, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 5.0.1, 5.0.6, 5.0.7, 5.0.9, 5.0.10, 5.0.13, 5.0.16, 5.0.17, 5.1.2, 5.1.8, 5.2.6, 5.2.10, 5.3.8, 5.3.17, 5.3.18, 5.3.31, 5.3.30, 5.3.29, 5.3.28, 5.4.4, 5.4.5, 5.4.6, 5.4.10, 5.4.18, 5.4.21, 5.4.29, 5.4.37, 5.4.41, 5.4.44, 5.4.46, 5.4.47, 5.4.48, 5.5.1, 5.5.1.1-bbs6, 5.5.1.2-bbs6, 5.5.4, 5.5.4.1-bbs6, 5.5.6, 5.5.6-bbs6, 5.6.1, 4.2.0.8
    • Fix Version/s: 5.6.3
    • Labels:
      None
    • Critical Points:
      0

      Description

      A security vulnerability has been discovered in ScriptRunner for Bitbucket. The vulnerability affects all versions 3.0.17 - 5.6.1 (inclusive) of ScriptRunner for Bitbucket.

      The vulnerability is classified as critical in line with Atlassian’s Security Levels.

      ScriptRunner for Bitbucket Server and Data Center prior to version 5.6.3 allowed logged-in users to create and execute scripts without the correct privileges being applied by sending a specially crafted request. This could mean that a user can escalate their privileges and execute arbitrary code.


              People

              Assignee:
              rgiddings Robert Giddings
              Reporter:
              rgiddings Robert Giddings
              Votes:
              0
              Watchers:
              2
