In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2018-03-22T13:00:00Z

Updated: 2024-09-16T18:49:04.214Z

Reserved: 2018-01-05T00:00:00

Link: CVE-2018-5225

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-03-22T13:29:00.810

Modified: 2018-04-20T16:57:12.783

Link: CVE-2018-5225

cve-icon Redhat

No data.