CVE-2017-18037
N/A
Summary
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Bitbucket Server | from 3.7.0 prior to 4.14.11 | affected |
| Atlassian | Bitbucket Server | from 5.0.0 prior to 5.0.9 | affected |
| Atlassian | Bitbucket Server | from 5.1.0 prior to 5.1.8 | affected |
| Atlassian | Bitbucket Server | from 5.2.0 prior to 5.2.6 | affected |
| Atlassian | Bitbucket Server | from 5.3.0 prior to 5.3.4 | affected |
| Atlassian | Bitbucket Server | from 5.4.0 prior to 5.4.2 | affected |
| Atlassian | Bitbucket Server | from 5.5.0 prior to 5.5.1 | affected |
Weaknesses
- Path Traversal
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.