{"containers": {"cna": {"affected": [{"product": "Bitbucket Server", "vendor": "Atlassian", "versions": [{"lessThan": "6.10.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.0.0", "versionType": "custom"}, {"lessThan": "7.6.4", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.7.0", "versionType": "custom"}, {"lessThan": "7.10.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Bitbucket Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "6.10.9", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.0.0", "versionType": "custom"}, {"lessThan": "7.6.4", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.7.0", "versionType": "custom"}, {"lessThan": "7.10.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-02-16T00:00:00", "descriptions": [{"lang": "en", "value": "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory."}], "problemTypes": [{"descriptions": [{"description": "Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-18T19:06:08", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/BSERV-12753"}, {"name": "VU#240785", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/240785"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-02-16T00:00:00", "ID": "CVE-2020-36233", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Bitbucket Server", "version": {"version_data": [{"version_affected": "<", "version_value": "6.10.9"}, {"version_affected": ">=", "version_value": "7.0.0"}, {"version_affected": "<", "version_value": "7.6.4"}, {"version_affected": ">=", "version_value": "7.7.0"}, {"version_affected": "<", "version_value": "7.10.1"}]}}, {"product_name": "Bitbucket Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "6.10.9"}, {"version_affected": ">=", "version_value": "7.0.0"}, {"version_affected": "<", "version_value": "7.6.4"}, {"version_affected": ">=", "version_value": "7.7.0"}, {"version_affected": "<", "version_value": "7.10.1"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Permission Assignment for Critical Resource"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/BSERV-12753", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/BSERV-12753"}, {"name": "VU#240785", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/240785"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:23:09.677Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/BSERV-12753"}, {"name": "VU#240785", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/240785"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2020-36233", "datePublished": "2021-02-18T15:16:22.101146Z", "dateReserved": "2021-01-27T00:00:00", "dateUpdated": "2024-09-16T19:30:12.974Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "8494F78A-D66A-406E-B395-9DB33C290A84", "versionEndExcluding": "6.10.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E4BCCD6-7814-47FE-8294-AFA009FE2031", "versionEndExcluding": "7.6.4", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "742F96A9-980E-463E-AB11-4347389DEC13", "versionEndExcluding": "7.10.1", "versionStartIncluding": "7.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory."}, {"lang": "es", "value": "El Microsoft Windows Installer para Atlassian Bitbucket Server y Data Center versiones anteriores a 6.10.9, versiones 7.x anteriores a 7.6.4 y desde versi\u00f3n 7.7.0 versiones anteriores a 7.10.1, permite a los atacantes locales escalar privilegios debido a permisos d\u00e9biles en el directorio de instalaci\u00f3n"}], "id": "CVE-2020-36233", "lastModified": "2024-11-21T05:29:06.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-18T20:15:12.587", "references": [{"source": "security@atlassian.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/BSERV-12753"}, {"source": "security@atlassian.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/240785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/BSERV-12753"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/240785"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}