3 matches found
CVE-2020-36233
CVE-2020-36233 affects Atlassian Bitbucket on Windows where the Windows Installer creates weak ACLs in the installation directory, enabling local privilege escalation. Affected Bitbucket Server/Data Center installers include all versions prior to 6.10.9, 7.x prior to 7.6.4, and 7.7.0 up to 7.10.0...
Atlassian Bitbucket on Windows is vulnerable to privilege escalation due to weak ACLs
Overview Atlassian Bitbucket on Windows fails to properly set ACLs, which can allow an unprivileged Windows user to run arbitrary code with SYSTEM privileges. Description The Atlassian Bitbucket Windows installer fails to set a secure access-control list ACL on the default installation directory,...
Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows - CVE-2020-36233
h3. Issue Summary Atlassian Bitbucket on Windows fails to properly set ACLs on its installation directory. Because Bitbucket installs High-privileged services, this allows for multiple privilege escalation vulnerability possibilities. h3. Affected Versions The following versions are only affected...