Lucene search
HistoryFeb 16, 2021 - 12:44 a.m.
Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows - CVE-2020-36233
0.0004 Low
EPSS
Percentile
0.4%
h3. Issue Summary
Atlassian Bitbucket on Windows fails to properly set ACLs on its installation directory. Because Bitbucket installs High-privileged services, this allows for multiple privilege escalation vulnerability possibilities.
h3. Affected Versions
The following versions are only affected on Windows:
- All versions < 6.10.9
- 7.x < 7.6.4
- 7.7.x
- 7.8.x
- 7.9.x
- 7.10.0
h3. Fixed Versions
- 6.10.9 (Long Term Support release)
- 7.6.4 (Long Term Support release)
- 7.10.1
| CPE | Name | Operator | Version |
|---|---|---|---|
| bitbucket server | le | 6.10.0 | |
| bitbucket server | lt | 7.6.4 | |
| bitbucket server | lt | 7.10.1 | |
| bitbucket server | le | 7.8.0 | |
| bitbucket server | lt | 6.10.9 |
Related
cve
cve
CVE-2020-36233
2021-02-18 20:15:12
prion
prion
Design/Logic Flaw
2021-02-18 20:15:00
cvelist
cvelist
CVE-2020-36233
2021-02-16 00:00:00
atlassian
atlassian
nvd
nvd
CVE-2020-36233
2021-02-18 20:15:12
cert
cert