CVE-2018-5225
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
SSVC
- Decision:-
Timeline
- 2018-01-05 CVE Reserved
- 2018-03-22 CVE Published
- 2024-05-17 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/103488 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://confluence.atlassian.com/x/3WNsO | 2018-04-20 | |
https://jira.atlassian.com/browse/BSERV-10684 | 2018-04-20 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Atlassian | Bitbucket | >= 4.13.0 < 5.4.8 | - | Affected |
Atlassian | Bitbucket | > 5.5.0 < 5.5.8 | - | Affected |
Atlassian | Bitbucket | >= 5.6.0 < 5.6.5 | - | Affected |
Atlassian | Bitbucket | >= 5.7.0 < 5.7.3 | - | Affected |
Atlassian | Bitbucket | >= 5.8.0 < 5.8.2 | - | Affected |