Details

    • Bug
    • Status: Done
    • Blocker
    • Resolution: Fixed
    • 3.0.17, 3.0.18, 3.1, 3.1.2, 4.1, 4.1.2, 4.2.0.2, 4.2.0.3, 4.2.0.6, 4.3.0, 4.3.1, 4.3.4, 4.3.7, 4.3.8, 4.3.10, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 5.0.1, 5.0.6, 5.0.7, 5.0.9, 5.0.10, 5.0.13, 5.0.16, 5.0.17, 5.1.2, 5.1.8, 5.2.6, 5.2.10, 5.3.8, 5.3.17, 5.3.18, 5.3.31, 5.3.30, 5.3.29, 5.3.28, 5.4.4, 5.4.5, 5.4.6, 5.4.10, 5.4.18, 5.4.21, 5.4.29, 5.4.37, 5.4.41, 5.4.44, 5.4.46, 5.4.47, 5.4.48, 5.5.1, 5.5.1.1-bbs6, 5.5.1.2-bbs6, 5.5.4, 5.5.4.1-bbs6, 5.5.6, 5.5.6-bbs6, 5.6.1, 4.2.0.8
    • 5.6.3
    • None
    • None
    • 0

    Description

      A security vulnerability has been discovered in ScriptRunner for Bitbucket. The vulnerability affects all versions 3.0.17 - 5.6.1 (inclusive) of ScriptRunner for Bitbucket.

      The vulnerability is classified as critical in line with Atlassian’s Security Levels.

      ScriptRunner for Bitbucket Server and Data Center prior to version 5.6.3 allowed logged-in users, by sending a specially crafted request, to create and execute scripts without the correct privileges being applied. This could mean that a user can escalate their privileges and execute arbitrary code.

            People

              rgiddings Robert Giddings