Details

    • Type: Bug
    • Status: Done
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.0.17, 3.0.18, 3.1, 3.1.2, 4.1, 4.1.2, 4.2.0.2, 4.2.0.3, 4.2.0.6, 4.3.0, 4.3.1, 4.3.4, 4.3.7, 4.3.8, 4.3.10, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 5.0.1, 5.0.6, 5.0.7, 5.0.9, 5.0.10, 5.0.13, 5.0.16, 5.0.17, 5.1.2, 5.1.8, 5.2.6, 5.2.10, 5.3.8, 5.3.17, 5.3.18, 5.3.31, 5.3.30, 5.3.29, 5.3.28, 5.4.4, 5.4.5, 5.4.6, 5.4.10, 5.4.18, 5.4.21, 5.4.29, 5.4.37, 5.4.41, 5.4.44, 5.4.46, 5.4.47, 5.4.48, 5.5.1, 5.5.1.1-bbs6, 5.5.1.2-bbs6, 5.5.4, 5.5.4.1-bbs6, 5.5.6, 5.5.6-bbs6, 5.6.1, 4.2.0.8
    • Fix Version/s: 5.6.3
    • Labels:
      None
    • Critical Points:
      0

      Description

      A security vulnerability has been discovered in ScriptRunner for Bitbucket. The vulnerability affects all versions 3.0.17 - 5.6.1 (inclusive) of ScriptRunner for Bitbucket.

      The vulnerability is classified as critical in line with Atlassian’s Security Levels.

      ScriptRunner for Bitbucket Server and Data Center prior to version 5.6.3 allowed logged-in users to create and execute scripts without the correct privileges being applied by sending a specially crafted request. This could mean that a user can escalate their privileges and execute arbitrary code.

                People

                Assignee:
                rgiddings Robert Giddings
                Reporter:
                rgiddings Robert Giddings