Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 prior to 6.0.11, from version 6.1.0 prior to 6.1.9, from version 6.2.0 prior to 6.2.7, from version 6.3.0 prior to 6.3.6, from version 6.4.0 prior to 6.4.4, from version 6.5.0 prior to 6.5.3, from version 6.6.0 prior to 6.6.3, from version 6.7.0 prior to 6.7.3, from version 6.8.0 prior to 6.8.2, and from version 6.9.0 prior to 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian bitbucket |