Uploaded image for project: 'SR for Bitbucket - Development'
  1. SR for Bitbucket - Development
  2. SRBITB-816

ScriptRunner for Bitbucket Remote Code Execution Vulnerability

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Done
    • High
    • Resolution: Fixed
    • 5.4.29, 6.5.0, 6.5.0-p5
    • 6.5.1, 6.5.1-p5
    • None
    • DevTools 82
    • 0

    Description

      The vulnerability allows a malicious authenticated user to run arbitrary code inside the instance without administrative permissions.

      This security vulnerability has been fixed in ScriptRunner for Bitbucket 6.5.1 / 6.5.1-p5; it is recommended all customers upgrade to 6.5.1+ where possible.

      Attachments

        Activity

          People

            rlander Reece Lander
            rgiddings Robert Giddings
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: