{"id":16611,"date":"2021-07-08T10:56:50","date_gmt":"2021-07-08T08:56:50","guid":{"rendered":"https:\/\/herolab-usd.formwandler.rocks\/security-advisories\/usd-2019-0018\/"},"modified":"2021-07-19T14:11:26","modified_gmt":"2021-07-19T12:11:26","slug":"usd-2019-0018","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2019-0018\/","title":{"rendered":"usd-2019-0018"},"content":{"rendered":"<h1 class=\"h-custom-headline usd-small-letters h2\"><span>usd-2019-0018 | Bitbucket\/v5.10.1<\/span><\/h1>\n<p><strong>Advisory ID<\/strong><span>: usd-2019-0018<\/span><br \/><strong>CVE Number<\/strong><span>: N\/A<\/span><br \/><strong>Affected Product<\/strong><span>: Bitbucket<\/span><br \/><strong>Affected Version<\/strong><span>: v5.10.1<\/span><br \/><strong>Vulnerability Type<\/strong><span>: User Enumeration<\/span><br \/><strong>Security Risk<\/strong><span>: Low<\/span><br \/><strong>Vendor URL<\/strong><span>: <\/span><a href=\"https:\/\/www.atlassian.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.atlassian.com<\/a><br \/><strong>Vendor Status<\/strong><span>: Not fixed<\/span><\/p>\n<h3>Description<\/h3>\n<p><span>User enumeration is when a malicious actor can use brute force to either guess or confirm valid users in a system. User enumeration is often a web application vulnerability, though it can also be found in any system that requires user authentication. The malicious actor is looking for differences in the server\u2019s response based on the validity of the submitted credentials.<\/span><\/p>\n<h3>Proof of Concept (PoC)<\/h3>\n<p><span>Unprivileged users are able to enumerate valid usernames. To do so, a user sends a request to \"\/admin\/permissions\/users\" with the following GET parameters, placing the username to be tested in the name parameter:<\/span><\/p>\n<pre><code>?permission=LICENSED_USER&amp;name=<\/code><\/pre>\n<p><span>If the username exists, the server responds with an error message stating that the user has insufficient rights for this operation. If the username does not exist, the server responds with a message stating that the user does not exist.<\/span><\/p>\n<h3>Fix<\/h3>\n<p>Even if the user does not exist, the server should respond with the same error message stating that the user does not have sufficient rights to execute the operation, so that both cases are indistinguishable to the requester.<\/p>\n<h3>Timeline<\/h3>\n<ul>\n<li>2019-03-28 Vulnerability securely submitted to security@atlassian.com<\/li>\n<li>2019-04-11 Second contact attempt via <a href=\"https:\/\/getsupport.atlassian.com\/\" target=\"_blank\" rel=\"noopener\">contact form<\/a><\/li>\n<li>2019-05-23 Atlassian Security Team agreed to the publication of the advisory<\/li>\n<li>2019-07-31 Security advisory released<\/li>\n<\/ul>\n<h3>Credits<\/h3>\n<p><span>This security vulnerability was found by Tobias Neitzel and Julian Frey of usd AG.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>usd-2019-0018 | Bitbucket\/v5.10.1 Advisory ID: usd-2019-0018CVE Number: N\/AAffected Product: BitbucketAffected Version: v5.10.1Vulnerability Type: User EnumerationSecurity Risk: LowVendor URL: https:\/\/www.atlassian.comVendor Status: Not fixed Description User enumeration is when a malicious actor can use brute-force to either guess or confirm valid users in a system. User enumeration is often a web application vulnerability, though it can also [&hellip;]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-16611","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16611","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=16611"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16611\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=16611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}