7.8

CVE-2020-36233

The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AtlassianBitbucket Version < 6.10.9
   MicrosoftWindows Version-
AtlassianBitbucket Version >= 7.0.0 < 7.6.4
   MicrosoftWindows Version-
AtlassianBitbucket Version >= 7.7.0 < 7.10.1
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.176
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://jira.atlassian.com/browse/BSERV-12753
Vendor Advisory
Issue Tracking
https://www.kb.cert.org/vuls/id/240785
Third Party Advisory
US Government Resource