CVE-2020-36233

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to escalate privileges on systems running vulnerable versions of Atlassian Bitbucket Server and Data Center due to weak permissions on the installation directory. Attackers with local access can exploit this to gain higher privileges than intended. This affects organizations using the Microsoft Windows Installer for Bitbucket Server/Data Center.

💻 Affected Systems

Products:
  • Atlassian Bitbucket Server
  • Atlassian Bitbucket Data Center
Versions: before 6.10.9; 7.x before 7.6.4; 7.7.0 and later before 7.10.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using the Microsoft Windows Installer. Linux installations are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local attacker gains full administrative control over the Bitbucket instance, potentially compromising source code, credentials, and deployment pipelines.

🟠 Likely Case

Local user or compromised service account escalates privileges to modify Bitbucket configuration, access sensitive data, or execute arbitrary code.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized configuration changes that can be detected and reverted.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires local access to the Windows system. Exploitation involves manipulating files in the weakly-permissioned installation directory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.10.9, 7.6.4, or 7.10.1 and later

Vendor Advisory: https://jira.atlassian.com/browse/BSERV-12753

Restart Required: Yes

Instructions:

1. Download the patched version from Atlassian's website.
2. Stop the Bitbucket service.
3. Run the installer to upgrade.
4. Restart the service.

🔧 Temporary Workarounds

Restrict installation directory permissions (Windows)

Manually tighten permissions on the Bitbucket installation directory to prevent unauthorized write access. The service account still needs write access to the separate Bitbucket home directory (BITBUCKET_HOME), which this command does not touch; test the service after applying it.

icacls "C:\Program Files\Atlassian\Bitbucket" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F" /grant:r "<Bitbucket_Service_Account>:(OI)(CI)RX"

🧯 If You Can't Patch

  • Implement strict access controls to limit local user access to Bitbucket servers.
  • Monitor file system changes in the Bitbucket installation directory using Windows auditing or security tools.

🔍 How to Verify

Check if Vulnerable:

Check Bitbucket version via web interface (Admin > System Info) or command line: "%BITBUCKET_HOME%\bin\bitbucket.bat version"

Check Version:

"%BITBUCKET_HOME%\bin\bitbucket.bat version"

Verify Fix Applied:

Confirm version is 6.10.9+, 7.6.4+, or 7.10.1+ and verify installation directory permissions are properly restricted.
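One way to carry out the permission check named above, as an added example that is not from the advisory or from Atlassian: it walks the installation directory tree and reports every Allow ACE that grants write-class rights to a principal outside an administrative allow-list. The default install path and the trusted-principal list are assumptions; adjust them to your host.

```powershell
# Added example (not from the advisory or from Atlassian): report ACL entries on the
# Bitbucket installation directory tree that give write-class rights to principals
# other than the administrative ones listed below. The default path is an assumption.
param(
    [string]$InstallDir = 'C:\Program Files\Atlassian\Bitbucket',
    [string[]]$TrustedPrincipals = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                                     'NT SERVICE\TrustedInstaller', 'CREATOR OWNER')
)

$FSR = [System.Security.AccessControl.FileSystemRights]
# Only write-side primitives go into the mask: Modify and FullControl also contain read
# bits and would make every ReadAndExecute ACE match under a bitwise AND.
$WriteMask = [int]($FSR::Write -bor $FSR::Delete -bor $FSR::DeleteSubdirectoriesAndFiles -bor
                   $FSR::ChangePermissions -bor $FSR::TakeOwnership)
# Inherit-only ACEs may carry generic access rights instead of file-system rights.
$GenericWriteMask = 0x40000000 -bor 0x10000000   # GENERIC_WRITE | GENERIC_ALL

function Test-WeakAce {
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    if ($Ace.AccessControlType -ne 'Allow') { return $false }   # Deny entries grant nothing
    if ($TrustedPrincipals -contains $Ace.IdentityReference.Value) { return $false }
    $rights = [int]$Ace.FileSystemRights
    return (($rights -band $WriteMask) -ne 0) -or (($rights -band $GenericWriteMask) -ne 0)
}

# Files normally inherit from their directory, so checking directories covers the tree.
$findings = @()
$targets = @(Get-Item -LiteralPath $InstallDir) +
           @(Get-ChildItem -LiteralPath $InstallDir -Directory -Recurse -Force -ErrorAction SilentlyContinue)
foreach ($dir in $targets) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    foreach ($ace in $acl.Access) {
        if (Test-WeakAce $ace) {
            $findings += [pscustomobject]@{
                Path      = $dir.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "OK: no write-class ACEs for untrusted principals under $InstallDir"
} else {
    $findings | Format-Table -AutoSize
    exit 1   # non-zero exit for use in a compliance or post-patch verification job
}
```

Run it elevated so every subdirectory's ACL is readable; a clean result after applying the icacls workaround or the upgrade confirms the directory is no longer writable by ordinary local users.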

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file modifications in Bitbucket installation directory
  • Unusual service account privilege escalation attempts

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

EventID=4663 AND ObjectName LIKE "%Bitbucket%" AND (Accesses="WriteData" OR Accesses="AppendData")

Event ID 4663 is only written when the "Audit File System" policy is enabled and the installation directory carries an auditing (SACL) entry for write access.
