  1. SR for Bitbucket - Development
  2. SRBITB-816

ScriptRunner for Bitbucket Remote Code Execution Vulnerability

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 5.4.29, 6.5.0, 6.5.0-p5
    • Fix Version/s: 6.5.1, 6.5.1-p5
    • Labels: None
    • Sprint: DevTools 82
    • Critical Points: 0

      Description

      The vulnerability allows a malicious authenticated user to run arbitrary code inside the instance without administrative permissions.

      This security vulnerability has been fixed in ScriptRunner for Bitbucket 6.5.1 / 6.5.1-p5; it is recommended all customers upgrade to 6.5.1+ where possible.


              People

              Assignee:
              rlander Reece Lander
              Reporter:
              rgiddings Robert Giddings
              Votes:
              0
              Watchers:
              2
