CVE-2020-36233
HIGHAtlassian Bitbucket <6.10.9, 7.x<7.6.4, 7.7.0-7.10.1 Local Privilege Escalation
Title source: llmDescription
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
References (2)
Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://jira.atlassian.com/browse/BSERV-12753
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/240785
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
11.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-276
Status
published
Products (1)
atlassian/bitbucket
< 6.10.9
Published
Feb 18, 2021
Tracked Since
Feb 18, 2026