high
8.8
CWE
77
Advisory Published
Updated

CVE-2019-15010: Command Injection

First published: Wed Jan 15 2020(Updated: )

Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance.

Credit: security@atlassian.com

Affected SoftwareAffected VersionHow to fix
Atlassian Bitbucket>=3.0.0<5.6.11
Atlassian Bitbucket>=6.0.0<6.0.11
Atlassian Bitbucket>=6.1.0<6.1.9
Atlassian Bitbucket>=6.2.0<6.2.7
Atlassian Bitbucket>=6.3.0<6.3.6
Atlassian Bitbucket>=6.4.0<6.4.4
Atlassian Bitbucket>=6.5.0<6.5.3
Atlassian Bitbucket>=6.6.0<6.6.3
Atlassian Bitbucket>=6.7.0<6.7.3
Atlassian Bitbucket>=6.8.0<6.8.2
Atlassian Bitbucket>=6.9.0<6.9.1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2019-15010?

    CVE-2019-15010 is a vulnerability in Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1.

  • What is the severity of CVE-2019-15010?

    CVE-2019-15010 has a severity rating of 8.8 (high).

  • How does CVE-2019-15010 affect Bitbucket Server and Bitbucket Data Center?

    CVE-2019-15010 affects Bitbucket Server and Bitbucket Data Center versions mentioned previously, and can be exploited by an attacker to gain unauthorized access to sensitive information or execute arbitrary code.

  • How do I check if my Bitbucket Server or Bitbucket Data Center is affected?

    To check if your Bitbucket Server or Bitbucket Data Center version is affected, refer to the Atlassian Bitbucket release notes and compare the version number with the vulnerable versions mentioned in the vulnerability description.

  • How can I mitigate the CVE-2019-15010 vulnerability?

    To mitigate the CVE-2019-15010 vulnerability, it is recommended to upgrade your Bitbucket Server or Bitbucket Data Center to a patched version that is not vulnerable to the exploit. Refer to the Atlassian Bitbucket security advisory and follow the recommended upgrade process.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203