usd-2019-0019 | Bitbucket/v5.10.1

Advisory ID: usd-2019-0019
CVE Number: N/A
Affected Product: Bitbucket
Affected Version: v5.10.1
Vulnerability Type: File Enumeration
Security Risk: Low
Vendor URL: https://www.atlassian.com
Vendor Status: Not fixed

Description

The logfile analyzer inside the admin menu can be used to enumarate existing file names inside the operating system.

Proof of Concept (PoC)

If one specifies a path to a non existing file, the application displays a different error message as if the path would lead to an existing file.
This was tested with the paths „/etc/passwd“ and „/non/existend“.

Fix

Analysing logfiles should be limited to a specified part of the directory system.

Timeline

2019-03-28 Vulnerability securily submitted to security@atlassian.com
2019-04-11 Second contact attempt via contact formular
2019-05-23 Atlassian Security Team agreed with the publishment of the advisory
2019-07-31 Security advisory released

Credits

This security vulnerabilities were found by Tobias Neitzel and Julian Frey of usd AG.

usd-2019-0019 | Bitbucket/v5.10.1

Description

Proof of Concept (PoC)

Fix

Timeline

Credits

About usd Security Advisories

Disclaimer

usd HeroLab

LabNews

Security Advisory zu Gambio

Security Advisories zu SONIX und SAP

The Surprising Complexity of Finding Known Vulnerabilities

Folgen Sie uns