  1. SR for Bitbucket - Development
  2. SRBITB-854

Security Vulnerability - escaping repository administrator code sandbox

    Details

    • Type: Bug
    • Status: Done
    • Priority: Blocker
    • Resolution: Done
    • Affects Version/s: 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.11, 5.6.12, 5.6.13, 5.6.15, 5.7.0, 5.7.1, 5.7.2, 5.8.0, 6.0.0, 5.9.0, 6.1.0, 6.2.0, 6.2.1, 6.3.0, 6.4.0, 6.5.0, 6.5.1, 6.6.0, 6.7.0, 6.9.0
    • Fix Version/s: 6.5.2, 6.9.2
    • Sprint:
      DevTools 86
    • Critical Points:
      0

      Description

      A security vulnerability has been identified in ScriptRunner for Bitbucket Server and Data Center.

      A malicious authenticated Bitbucket user with repository administrator permission could exploit this vulnerability to gain escalated privileges.

      This vulnerability has been rated as Critical according to Atlassian's Severity Levels for Security Issues (https://www.atlassian.com/trust/security/security-severity-levels) and was identified as part of an internal security audit of our source code.

                People

                Assignee:
                rlander Reece Lander
                Reporter:
                hgordon Highton Gordon
                Votes:
                0
                Watchers:
                1
