
====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN142
_____________________________________________________________________

DATE                : 05/03/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows hosts running Atlassian Bitbucket 6.x or 7.x
                            (versions prior to 6.10.9, 7.6.4 or 7.10.1).

=====================================================================
https://jira.atlassian.com/browse/BSERV-12753
https://kb.cert.org/vuls/id/240785
_____________________________________________________________________

Privilege Escalation Vulnerability in Atlassian Bitbucket on Windows -
CVE-2020-36233


Details

    Type:                Public Security Vulnerability
    Status:              Published
    Priority:            Low
    Resolution:          Fixed
    Affects Version/s:   6.10.0, 7.8.0
    Fix Version/s:       7.6.4, 7.10.1, 6.10.9
    Component/s:         Security - Other
    Labels:
        CVE-2020-36233 advisory advisory-released security

    Symptom Severity:    Severity 1 - Critical
    CVSS Score:          7.8


Description

Issue Summary

Atlassian Bitbucket on Windows fails to properly set ACLs on its
installation directory. Because Bitbucket installs services that run
with high privileges, this opens up multiple ways of escalating
privileges.


Affected Versions

The following versions are affected only on Windows:

    All versions < 6.10.9
    7.x < 7.6.4
    7.7.x
    7.8.x
    7.9.x
    7.10.0


Fixed Versions

    6.10.9 (Long Term Support release)
    7.6.4 (Long Term Support release)
    7.10.1



Issue Links

relates to

    VULN-229700

Activity

    Comments

badeloye@atlassian.com Brian Adeloye added a comment - 16/Feb/2021 7:51 PM

This is an independent assessment and you should evaluate its
applicability to your own IT environment.

CVSS v3 score: 7.8 => High severity

Exploitability Metrics

Attack Vector           Local
Attack Complexity       Low
Privileges Required     Low
User Interaction        None

Scope Metric
Scope                   Unchanged

Impact Metrics
Confidentiality         High
Integrity               High
Availability            High

https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

_____________________________________________________________________


Atlassian Bitbucket on Windows is vulnerable to privilege escalation due
to weak ACLs
Vulnerability Note VU#240785

Original Release Date: 2021-02-18 | Last Revised: 2021-02-18


Overview

Atlassian Bitbucket on Windows fails to properly set ACLs, which can
allow an unprivileged Windows user to run arbitrary code with SYSTEM
privileges.


Description

The Atlassian Bitbucket Windows installer fails to set a secure
access-control list (ACL) on the default installation directory, such as
C:\Atlassian\Bitbucket\. By default, unprivileged users can create files
in this directory structure, which creates a privilege-escalation
vulnerability.
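A defender-side check for the condition described above, added here as an
example (it is not code from Atlassian or CERT/CC): it audits the Bitbucket
installation directory and every subdirectory for Allow ACEs that grant
create/write rights to principals every local user belongs to. The default
path is an assumption taken from the advisory's example directory; adjust
it to the actual installation location.

```powershell
param([string]$InstallDir = 'C:\Atlassian\Bitbucket')  # assumed default path

# Well-known SIDs every local or interactive user belongs to. Matching on SIDs
# rather than names keeps the check working on non-English Windows.
$BroadSids = @('S-1-5-32-545', 'S-1-5-11', 'S-1-1-0', 'S-1-5-4')  # Users, Authenticated Users, Everyone, INTERACTIVE

# Specific rights that allow creating or changing files, plus the generic bits
# (GENERIC_ALL / GENERIC_WRITE) that some ACEs carry instead of specific rights.
$WriteMask = [int]([System.Security.AccessControl.FileSystemRights]::WriteData -bor
                   [System.Security.AccessControl.FileSystemRights]::AppendData -bor
                   [System.Security.AccessControl.FileSystemRights]::WriteAttributes -bor
                   [System.Security.AccessControl.FileSystemRights]::Delete)
$GenericMask = 0x10000000 -bor 0x40000000

function Get-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($BroadSids -notcontains $sid) { continue }
        $rights = [int]$ace.FileSystemRights
        if ((($rights -band $WriteMask) -ne 0) -or (($rights -band $GenericMask) -ne 0)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Walk the install root and every subdirectory: a broken inheritance chain can
# leave a single writable folder on the service's DLL search path.
$dirs = @(Get-Item -LiteralPath $InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -Directory -Recurse)
$findings = @($dirs | ForEach-Object { Get-WeakAce -Path $_.FullName })

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "Low-privileged users can write under $InstallDir; install the fixed Bitbucket release (6.10.9, 7.6.4 or 7.10.1) and verify the ACL again."
} else {
    Write-Host "No write access for broad principals found under $InstallDir."
}
```

Run it from an elevated PowerShell session so that Get-Acl can read every subdirectory; a clean result after applying the fixed installer confirms the remediation took effect.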


Impact

By placing a specially-crafted DLL file in the Bitbucket installation
directory, an unprivileged user may be able to execute arbitrary code
with SYSTEM privileges on a Windows system with the vulnerable Bitbucket
software installed. See DLL Search Order Hijacking for more details.


Solution
Apply an update

This issue has been addressed in the Bitbucket Windows installer for
versions 7.10.1, 7.6.4, and 6.10.9. Please see
https://jira.atlassian.com/browse/BSERV-12753 for more details.


Acknowledgements

This vulnerability was reported by Will Dormann of the CERT/CC.

This document was written by Will Dormann.


Vendor Information

Atlassian Affected
Notified:  2020-11-24          Updated: 2021-02-18

Statement Date:   February 01, 2021
CVE-2020-36233    Affected


Vendor Statement

We have not received a statement from the vendor.


References

    https://jira.atlassian.com/browse/BSERV-12753



Other Information

CVE IDs:                CVE-2020-36233
Date Public:            2021-02-18
Date First Published:   2021-02-18
Date Last Updated:      2021-02-18 18:01 UTC
Document Revision:      1


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


