CVE-2019-15012

Name of the Vulnerable Software and Affected Versions Bitbucket Server and Bitbucket Data Center versions 4.13 through 5.16.10 Bitbucket Server and Bitbucket Data Center versions 6.0.0 through 6.0.10 Bitbucket Server and Bitbucket Data Center versions 6.1.0 through 6.1.8 Bitbucket Server and Bitbucket Data Center versions 6.2.0 through 6.2.6 Bitbucket Server and Bitbucket Data Center versions 6.3.0 through 6.3.5 Bitbucket Server and Bitbucket Data Center versions 6.4.0 through 6.4.3 Bitbucket Server and Bitbucket Data Center versions 6.5.0 through 6.5.2 Bitbucket Server and Bitbucket Data Center versions 6.6.0 through 6.6.2 Bitbucket Server and Bitbucket Data Center versions 6.7.0 through 6.7.2 Bitbucket Server and Bitbucket Data Center versions 6.8.0 through 6.8.1 Bitbucket Server and Bitbucket Data Center versions 6.9.0

Description A remote attacker with write permission on a repository can exploit a Remote Code Execution issue via the "edit-file" request. This allows the attacker to write to any arbitrary file on the victim's Bitbucket Server or Bitbucket Data Center instance, potentially resulting in the execution of arbitrary code, if the user has the necessary permissions to write the file at the destination.

Recommendations For Bitbucket Server and Bitbucket Data Center versions 4.13 through 5.16.10, update to version 5.16.11 or later. For Bitbucket Server and Bitbucket Data Center versions 6.0.0 through 6.0.10, update to version 6.0.11 or later. For Bitbucket Server and Bitbucket Data Center versions 6.1.0 through 6.1.8, update to version 6.1.9 or later. For Bitbucket Server and Bitbucket Data Center versions 6.2.0 through 6.2.6, update to version 6.2.7 or later. For Bitbucket Server and Bitbucket Data Center versions 6.3.0 through 6.3.5, update to version 6.3.6 or later. For Bitbucket Server and Bitbucket Data Center versions 6.4.0 through 6.4.3, update to version 6.4.4 or later. For Bitbucket Server and Bitbucket Data Center versions 6.5.0 through 6.5.2, update to version 6.5.3 or later. For Bitbucket Server and Bitbucket Data Center versions 6.6.0 through 6.6.2, update to version 6.6.3 or later. For Bitbucket Server and Bitbucket Data Center versions 6.7.0 through 6.7.2, update to version 6.7.3 or later. For Bitbucket Server and Bitbucket Data Center versions 6.8.0 through 6.8.1, update to version 6.8.2 or later. For Bitbucket Server and Bitbucket Data Center version 6.9.0, update to version 6.9.1 or later.