References:
https://confluence.atlassian.com/bitbucketserver/bitbucket-data-center-path-traversal-in-the-migration-tool-rce-cve-2019-3397-969526871.html
https://jira.atlassian.com/browse/BSERV-11706
https://blog.ripstech.com/2019/bitbucket-path-traversal-to-rce/
https://blog.ripstech.com/2019/hidden-flaws-of-archives-java/
Affected versions:
5.13.0 <= version < 5.13.6
5.14.0 <= version < 5.14.4
5.15.0 <= version < 5.15.3
5.16.0 <= version < 5.16.3
6.0.0 <= version < 6.0.3
6.1.0 <= version < 6.1.2
Fixed versions:
5.13.6
5.14.4
5.15.3
5.16.3
6.0.3
6.1.2
Mitigation:
Set feature.data.center.migration.import=false in bitbucket.properties.
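As an added example (not from the advisory or from Atlassian), the following check takes a Bitbucket version string and the text of bitbucket.properties and reports whether the instance falls into one of the affected ranges listed above and whether the mitigation property is set; the sample properties text is constructed.

```python
# Added example: classify a Bitbucket version against the CVE-2019-3397
# affected ranges and check the documented mitigation property.
import re
from typing import Optional, Tuple

# (first affected, first fixed) pairs, copied from the advisory ranges above.
AFFECTED_RANGES = [
    ("5.13.0", "5.13.6"),
    ("5.14.0", "5.14.4"),
    ("5.15.0", "5.15.3"),
    ("5.16.0", "5.16.3"),
    ("6.0.0", "6.0.3"),
    ("6.1.0", "6.1.2"),
]

MITIGATION_KEY = "feature.data.center.migration.import"

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '6.1.2' (or '6.1.2-rc1') into (6, 1, 2) so tuples compare numerically."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", v)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def affected_range(version: str) -> Optional[Tuple[str, str]]:
    """Return the (lower, fixed) range containing `version`, or None if not affected."""
    v = parse_version(version)
    for lower, fixed in AFFECTED_RANGES:
        if parse_version(lower) <= v < parse_version(fixed):
            return (lower, fixed)
    return None

def migration_import_disabled(properties_text: str) -> bool:
    """True only if bitbucket.properties sets the mitigation key to false."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # .properties comment lines
        key, _, value = line.partition("=")
        if key.strip() == MITIGATION_KEY:
            return value.strip().lower() == "false"
    return False

def assess(version: str, properties_text: str) -> str:
    rng = affected_range(version)
    if rng is None:
        return "not affected"
    state = "mitigated" if migration_import_disabled(properties_text) else "unmitigated"
    return f"affected ({rng[0]} <= {version} < {rng[1]}), {state}: upgrade to {rng[1]}"

if __name__ == "__main__":
    # Constructed sample properties file, not taken from a real install.
    sample = "# bitbucket.properties\nfeature.data.center.migration.import=false\n"
    print(assess("6.1.1", sample))
```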
Vulnerability details:
Bitbucket has four account permission levels:
Bitbucket User, Project Creator, Admin and System Admin
Download for reproduction:
https://product-downloads.atlassian.com/software/stash/downloads/atlassian-bitbucket-6.6.1.zip
Files to modify:
bin/set-bitbucket-home.sh
Set the home directory.
bin/_start-webapp.sh
Set the debug parameters.
Start:
bin/start-bitbucket.sh
The web service then starts on port 7990.