h3. Issue Summary
Atlassian Bitbucket on Windows fails to properly set ACLs on its installation directory. Because Bitbucket installs High-privileged services, this allows for multiple privilege escalation vulnerability possibilities.
h3. Affected Versions
The following versions are only affected on Windows:
h3. Fixed Versions
CPE | Name | Operator | Version |
---|---|---|---|
bitbucket server | le | 6.10.0 | |
bitbucket server | lt | 7.6.4 | |
bitbucket server | lt | 7.10.1 | |
bitbucket server | le | 7.8.0 | |
bitbucket server | lt | 6.10.9 |