PT-2026-41558 · Gitbucket · Gitbucket
Published: 2026-05-17 · Updated: 2026-05-27 · CVE-2018-25332
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GitBucket version 4.23.1
Description: The vulnerability allows unauthenticated remote code execution through weak secret-token generation and insecure file-upload functionality. An attacker can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the 'git-lfs' endpoint, and execute system commands through an exposed exploit endpoint.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE · Missing Authentication

Weakness Enumeration

Related Identifiers: CVE-2018-25332

Affected Products: Gitbucket