  1. SR for Bitbucket - Development
  2. SRBITB-854

Security Vulnerability - escaping repository administrator code sandbox

    Details

    • Type: Bug
    • Status: Done
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.11, 5.6.12, 5.6.13, 5.6.15, 5.7.0, 5.7.1, 5.7.2, 5.8.0, 6.0.0, 5.9.0, 6.1.0, 6.2.0, 6.2.1, 6.3.0, 6.4.0, 6.5.0, 6.5.1, 6.6.0, 6.7.0, 6.9.0
    • Fix Version/s: 6.5.2, 6.9.2
    • Sprint:
      DevTools 86
    • Critical Points:
      0

      Description

      A security vulnerability has been identified in ScriptRunner for Bitbucket Server and Data Center.

      A malicious authenticated Bitbucket user with repository administrator permission could exploit this vulnerability to gain escalated privileges.

      This vulnerability has been rated as Critical according to Atlassian's Severity Levels for Security Issues (https://www.atlassian.com/trust/security/security-severity-levels) and was identified as part of an internal security audit of our source code.

              People

              Assignee:
              rlander Reece Lander
              Reporter:
              hgordon Highton Gordon