CVE-2019-15010

Name of the Vulnerable Software and Affected Versions Bitbucket Server and Bitbucket Data Center versions 3.0.0 through 5.16.10 Bitbucket Server and Bitbucket Data Center versions 6.0.0 through 6.0.10 Bitbucket Server and Bitbucket Data Center versions 6.1.0 through 6.1.8 Bitbucket Server and Bitbucket Data Center versions 6.2.0 through 6.2.6 Bitbucket Server and Bitbucket Data Center versions 6.3.0 through 6.3.5 Bitbucket Server and Bitbucket Data Center versions 6.4.0 through 6.4.3 Bitbucket Server and Bitbucket Data Center versions 6.5.0 through 6.5.2 Bitbucket Server and Bitbucket Data Center versions 6.6.0 through 6.6.2 Bitbucket Server and Bitbucket Data Center versions 6.7.0 through 6.7.2 Bitbucket Server and Bitbucket Data Center versions 6.8.0 through 6.8.1 Bitbucket Server and Bitbucket Data Center versions 6.9.0 through 6.9.0

Description A remote code execution issue exists due to certain user input fields. An attacker with user-level permissions can exploit this to run arbitrary commands on the victim's systems by using a specially crafted payload as user input. This allows the execution of arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance.

Recommendations For versions 3.0.0 through 5.16.10, update to version 5.16.11 or later. For versions 6.0.0 through 6.0.10, update to version 6.0.11 or later. For versions 6.1.0 through 6.1.8, update to version 6.1.9 or later. For versions 6.2.0 through 6.2.6, update to version 6.2.7 or later. For versions 6.3.0 through 6.3.5, update to version 6.3.6 or later. For versions 6.4.0 through 6.4.3, update to version 6.4.4 or later. For versions 6.5.0 through 6.5.2, update to version 6.5.3 or later. For versions 6.6.0 through 6.6.2, update to version 6.6.3 or later. For versions 6.7.0 through 6.7.2, update to version 6.7.3 or later. For versions 6.8.0 through 6.8.1, update to version 6.8.2 or later. For versions 6.9.0 through 6.9.0, update to version 6.9.1 or later.