
Bitbucket 6.1.1 Path Traversal to RCE

Blog post from Sonar

Post Details

Company: Sonar
Date Published:
Author: Johannes Dahse
Word Count: 999
Company Posts That Month: 1
Language: English
Hacker News Points: -
Summary

The security vulnerability discovered in Bitbucket is caused by insecure extraction of a compressed TAR archive, which allows an attacker to traverse directories and execute arbitrary code through Git hooks. The issue was reported in February 2019 and fixed in Bitbucket version 6.1.2 in April 2019. Several attack scenarios exist, including exploiting the vulnerability with a Bitbucket Data Center license and targeting users with lower permissions than Admin or System Admin, in order to gain control over the server. Updating to the latest version of Bitbucket Data Center is recommended to mitigate this risk.

Trends Found in this Post

Trend        Post Mentions   Total Month Mentions   Posts   Companies   MoM
Serverless   3               459                    62      28          +84%