usd-2019-0019 | Bitbucket/v5.10.1
Advisory ID: usd-2019-0019
CVE Number: N/A
Affected Product: Bitbucket
Affected Version: v5.10.1
Vulnerability Type: File Enumeration
Security Risk: Low
Vendor URL: https://www.atlassian.com
Vendor Status: Not fixed
Description
The logfile analyzer inside the admin menu can be used to enumerate existing file names on the operating system.
Proof of Concept (PoC)
If one specifies a path to a non-existing file, the application displays a different error message than it does when the path leads to an existing file.
This was tested with the paths "/etc/passwd" and "/non/existend".
Fix
Analysing logfiles should be limited to a specified part of the directory tree, and the error response should be the same whether the requested file is outside that part or does not exist.
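The following is an added illustration of that fix, written by the editor in Python; it is not Bitbucket code. It confines the analyzer to one log directory (symlinks resolved) and returns one generic error for both "outside the directory" and "missing" paths, so the response no longer acts as an existence oracle. The function names, the constructed log file and the temporary directory are assumptions.

```python
import tempfile
from pathlib import Path

# Constructed example (not Bitbucket's implementation).
GENERIC_ERROR = "log file not available"   # one message for every failure


class LogAccessError(Exception):
    """Raised with the same message regardless of the underlying cause."""


def resolve_log_path(log_dir: str, requested: str) -> Path:
    """Return the real path of `requested` only if it is a regular file
    inside `log_dir`. Any other outcome raises LogAccessError with the
    same text, so 'forbidden' and 'missing' are indistinguishable."""
    base = Path(log_dir).resolve()
    # Requests are always relative to the log directory: leading
    # separators are stripped so "/etc/passwd" cannot escape it.
    candidate = (base / requested.lstrip("/\\")).resolve(strict=False)
    try:
        candidate.relative_to(base)      # still under the allowed root?
    except ValueError:
        raise LogAccessError(GENERIC_ERROR) from None
    if not candidate.is_file():          # missing, directory, etc.
        raise LogAccessError(GENERIC_ERROR)
    return candidate


def analyze_log(log_dir: str, requested: str) -> str:
    """Simulated analyzer endpoint: line count on success, otherwise the
    generic error, never a path-specific message."""
    try:
        path = resolve_log_path(log_dir, requested)
    except LogAccessError as e:
        return f"error: {e}"
    with path.open("r", encoding="utf-8", errors="replace") as fh:
        return f"ok: {sum(1 for _ in fh)} lines"


def demo() -> dict:
    """Build a constructed log directory and exercise the checks."""
    logs = Path(tempfile.mkdtemp()) / "logs"
    logs.mkdir()
    (logs / "atlassian-bitbucket.log").write_text("a\nb\nc\n")
    return {
        "inside": analyze_log(str(logs), "atlassian-bitbucket.log"),
        "traversal": analyze_log(str(logs), "../../etc/passwd"),
        "absolute": analyze_log(str(logs), "/etc/passwd"),
        "missing": analyze_log(str(logs), "/non/existend"),
    }
```

All three rejected requests in `demo()` yield the identical string, which is the property the fix relies on.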
Timeline
- 2019-03-28 Vulnerability securely submitted to security@atlassian.com
- 2019-04-11 Second contact attempt via contact form
- 2019-05-23 Atlassian Security Team agreed to the publication of the advisory
- 2019-07-31 Security advisory released
Credits
This security vulnerability was found by Tobias Neitzel and Julian Frey of usd AG.