ID: RIPSTECH:BF4BBA867B90794960F9D94B46058A0A
Type: ripstech
Reporter: RIPS Technologies Blog
Modified: 2019-09-03T06:27:27
Description
Impact: Bitbucket has four different user roles (Bitbucket User, Project Creator, Admin and System Admin). An attacker with the permissions of the Admin role can abuse Bitbucket's Data Center Migration tool to drop an executable shell script in an arbitrary directory. This is caused by a directory traversal within a TAR archive. To gain remote code execution, the attacker can drop a Git hook, which is executed if a special event occurs in the repository e.
{"id": "RIPSTECH:BF4BBA867B90794960F9D94B46058A0A", "type": "ripstech", "bulletinFamily": "blog", "title": "Bitbucket 6.1.1 Path Traversal to RCE", "description": "Impact In Bitbucket the four different user roles Bitbucket User, Project Creator, Admin and System Admin exist. An attacker with the permissions of the role Admin can abuse Bitbucket's Data Center Migration tool to drop an executable shell script in an arbitrary directory. This is caused by a directory traversal within a TAR archive. In order to gain remote code execution, the attacker can drop a Git hook which is executed if a special event occurs in the repository e.", "published": "2019-09-03T06:27:27", "modified": "2019-09-03T06:27:27", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://blog.ripstech.com/2019/bitbucket-path-traversal-to-rce/", "reporter": "RIPS Technologies Blog", "references": [], "cvelist": [], "lastseen": "2020-08-07T08:49:48", "viewCount": 36, "enchantments": {"dependencies": {}, "score": {"value": 5.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-28038"]}, {"type": "nessus", "idList": ["WEB_APPLICATION_SCANNING_98734", "WEB_APPLICATION_SCANNING_98735", "WEB_APPLICATION_SCANNING_98736", "WEB_APPLICATION_SCANNING_98737", "WEB_APPLICATION_SCANNING_98738", "WEB_APPLICATION_SCANNING_98739"]}]}, "exploitation": null, "vulnersScore": 5.6}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}