Lucene search

46ac2648bc84BSERV-19350

HistoryApr 03, 2024 - 8:56 a.m.

Bitbucket Data Center is affected by CVE-2024-25710

2024-04-0308:56:14

46ac2648bc84

jira.atlassian.com

bitbucket

data center

cve-2024-25710

commons-compress-1.21.jar

security issue

8.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

25.8%

JSON

h3. Issue Summary
Bitbucket is affected by [CVE-2024-25710|https://nvd.nist.gov/vuln/detail/CVE-2024-25710]

The affected file <installation-directory>/app/WEB-INF/lib/commons-compress-1.21.jar

h3. Steps to Reproduce
N/A

h3. Expected Results
N/A

h3. Actual Results
N/A

h3. Workaround
Currently, there is no known workaround for this behavior. A workaround will be added here when available

Affected configurations

Vulners

Node

atlassianbitbucket_data_centerRange≤8.19.0

atlassianbitbucket_data_centerRange≤8.9.11

atlassianbitbucket_data_centerRange≤8.15.5

atlassianbitbucket_data_centerRange≤8.16.4

atlassianbitbucket_data_centerRange≤8.17.2

atlassianbitbucket_data_centerRange≤8.18.1

atlassianbitbucket_data_centerRange<8.19.1

atlassianbitbucket_data_centerRange<8.9.12

CPENameOperatorVersion
bitbucket data centerle8.19.0
bitbucket data centerle8.9.11
bitbucket data centerle8.15.5
bitbucket data centerle8.16.4
bitbucket data centerle8.17.2
bitbucket data centerle8.18.1
bitbucket data centerlt8.19.1
bitbucket data centerlt8.9.12

Name	Operator	Version
bitbucket data center	le	8.19.0
bitbucket data center	le	8.9.11
bitbucket data center	le	8.15.5
bitbucket data center	le	8.16.4
bitbucket data center	le	8.17.2
bitbucket data center	le	8.18.1
bitbucket data center	lt	8.19.1
bitbucket data center	lt	8.9.12