PT-2019-13926 · Atlassian · Bitbucket Server And+1

Published 2019-09-19 · Updated 2020-08-24 · CVE-2019-15000

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Bitbucket Server and Data Center versions prior to 5.16.10
Bitbucket Server and Data Center versions 6.0.0 through 6.0.9
Bitbucket Server and Data Center versions 6.1.0 through 6.1.7
Bitbucket Server and Data Center versions 6.2.0 through 6.2.5
Bitbucket Server and Data Center versions 6.3.0 through 6.3.4
Bitbucket Server and Data Center versions 6.4.0 through 6.4.2
Bitbucket Server and Data Center versions 6.5.0 through 6.5.1

Description

The issue allows remote attackers with repository access permission to read arbitrary files on the system and execute commands by injecting additional arguments into git commands. If public access is enabled for a project or repository, attackers can exploit this issue anonymously.

Recommendations

For versions prior to 5.16.10, update to version 5.16.10 or later.
For versions 6.0.0 through 6.0.9, update to version 6.0.10 or later.
For versions 6.1.0 through 6.1.7, update to version 6.1.8 or later.
For versions 6.2.0 through 6.2.5, update to version 6.2.6 or later.
For versions 6.3.0 through 6.3.4, update to version 6.3.5 or later.
For versions 6.4.0 through 6.4.2, update to version 6.4.3 or later.
For versions 6.5.0 through 6.5.1, update to version 6.5.2 or later.
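The affected ranges and fixed releases above, turned into a version-triage check for an inventory of Bitbucket instances. This is an added example, not code from the advisory's authors or from Atlassian; the host names and reported versions in it are constructed.

```python
# Added example: version triage for CVE-2019-15000, built from the ranges in this advisory.
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]
# Fixed release per 6.x branch, as listed in the recommendations above.
BRANCH_FIXES: Dict[Tuple[int, int], Version] = {
    (6, 0): (6, 0, 10),
    (6, 1): (6, 1, 8),
    (6, 2): (6, 2, 6),
    (6, 3): (6, 3, 5),
    (6, 4): (6, 4, 3),
    (6, 5): (6, 5, 2),
}
# Anything older than this falls in the "prior to 5.16.10" range.
LEGACY_FIX: Version = (5, 16, 10)


def parse_version(text: str) -> Version:
    """Turn '6.3.4' (or a shorter '6.3') into a comparable (major, minor, patch) tuple."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def fmt(v: Version) -> str:
    return ".".join(str(n) for n in v)


def required_fix(version: str) -> Optional[str]:
    """Return the release to upgrade to, or None if the version is outside every affected range."""
    v = parse_version(version)
    if v < LEGACY_FIX:
        return fmt(LEGACY_FIX)
    fixed = BRANCH_FIXES.get((v[0], v[1]))
    if fixed is not None and v < fixed:
        return fmt(fixed)
    return None  # 5.16.10+, an already patched 6.x release, or a later branch


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each affected host in an inventory to the release it must move to."""
    return {h: f for h, f in ((h, required_fix(ver)) for h, ver in inventory.items()) if f}


if __name__ == "__main__":
    # Constructed sample inventory (hostname -> reported version), not real hosts.
    sample = {"bb-prod-1": "6.3.4", "bb-prod-2": "6.5.2", "bb-legacy": "5.14.2"}
    print(triage(sample))  # {'bb-prod-1': '6.3.5', 'bb-legacy': '5.16.10'}
```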

Fix

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2019-15000

Affected Products

Bitbucket
Bitbucket Server And