CVE-2019-3397
N/A
N/A
Summary
Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Bitbucket Data Center | 5.13.0 < unspecified | affected |
| Atlassian | Bitbucket Data Center | unspecified < 5.13.6 | affected |
| Atlassian | Bitbucket Data Center | 5.14.0 < unspecified | affected |
| Atlassian | Bitbucket Data Center | unspecified < 5.14.4 | affected |
| Atlassian | Bitbucket Data Center | 5.15.0 < unspecified | affected |
| Atlassian | Bitbucket Data Center | unspecified < 5.15.3 | affected |
| Atlassian | Bitbucket Data Center | 6.0.0 < unspecified | affected |
| Atlassian | Bitbucket Data Center | unspecified < 6.0.3 | affected |
| Atlassian | Bitbucket Data Center | 6.1.0 < unspecified | affected |
| Atlassian | Bitbucket Data Center | unspecified < 6.1.2 | affected |
Weaknesses
- Path Traversal
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.