CVE-2019-15010 Vulnerability Details

  /     /     /  

CVE-2019-15010 Metadata Quick Info

CVE Published: 15/01/2020 | CVE Updated: 16/09/2024 | CVE Year: 2019
Source: atlassian | Vendor: Atlassian | Product: Bitbucket Server
Status : PUBLISHED

---

CVE-2019-15010 Description

Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim\'s systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim\'s Bitbucket Server or Bitbucket Data Center instance.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Expression Language Injection
Source: Atlassian

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).