[SRBITB-816] ScriptRunner for Bitbucket Remote Code Execution Vulnerability - Product Support

XML

Word

Printable

JSON

Details

Type: Bug
Status: Done
Priority: High
Resolution: Fixed
Affects Version/s: 5.4.29, 6.5.0, 6.5.0-p5
Fix Version/s: 6.5.1, 6.5.1-p5
Component/s: None
Labels:
- securityVulnerability

Sprint:
DevTools 82
Critical Points:
0

Description

The vulnerability allows a malicious authenticated user to run arbitrary code inside the instance without administrative permissions.

This security vulnerability has been fixed in ScriptRunner for Bitbucket 6.5.1 / 6.5.1-p5; it is recommended all customers upgrade to 6.5.1+ where possible.

Attachments

Activity

People

Assignee:: Reece Lander

Reporter:: Robert Giddings

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 31/Jul/20 5:07 PM

Updated:: 26/Nov/20 10:54 AM

Resolved:: 03/Aug/20 12:51 PM