In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published:

Updated: 2024-09-16T18:49:04.214Z

Reserved: 2018-01-05T00:00:00

Link: CVE-2018-5225

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-03-22T13:29:00.810

Modified: 2024-11-21T04:08:22.477

Link: CVE-2018-5225

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.