Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-36233

The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

Published

2021-02-18T20:15:12.587

Last Modified

2024-11-21T05:29:06.803

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	atlassian	bitbucket	< 6.10.9	Yes
Application	atlassian	bitbucket	< 7.6.4	Yes
Application	atlassian	bitbucket	< 7.10.1	Yes
Operating System	microsoft	windows	-	No

References

https://jira.atlassian.com/browse/BSERV-12753 Issue Tracking, Vendor Advisory ([email protected])
https://www.kb.cert.org/vuls/id/240785 Third Party Advisory, US Government Resource ([email protected])
https://jira.atlassian.com/browse/BSERV-12753 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/240785 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)