CVE-2018-5225 : In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.

Published 2018-03-22 13:29:01

Updated 2018-04-20 16:57:13

Source Atlassian

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2018-5225

Atlassian » Bitbucket
Versions after (>) 5.5.0 and before (<) 5.5.8
cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
Matching versions
Atlassian » Bitbucket
Versions from including (>=) 5.8.0 and before (<) 5.8.2
cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
Matching versions
Atlassian » Bitbucket
Versions from including (>=) 5.6.0 and before (<) 5.6.5
cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
Matching versions
Atlassian » Bitbucket
Versions from including (>=) 4.13.0 and before (<) 5.4.8
cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
Matching versions
Atlassian » Bitbucket
Versions from including (>=) 5.7.0 and before (<) 5.7.3
cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2018-5225

Top countries where our scanners detected CVE-2018-5225

Top open port discovered on systems with this issue 80

IPs affected by CVE-2018-5225 25

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-5225!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-5225

EPSS FAQ

2.83%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 85 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-5225

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.9	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	3.1	6.0	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2018-5225

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-5225

https://jira.atlassian.com/browse/BSERV-10684

[BSERV-10684] Remote Code Execution via in Browser Editing - CVE-2018-5225 - Create and track feature requests for Atlassian products.
Vendor Advisory
http://www.securityfocus.com/bid/103488

Atlassian Bitbucket Server CVE-2018-5225 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
https://confluence.atlassian.com/x/3WNsO

Bitbucket Server security advisory 2018-03-21 - Atlassian Documentation
Vendor Advisory