The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.

CPENameOperatorVersion
bitbucket serverle5.3.0
bitbucket serverlt5.4.1
bitbucket serverle5.1.0
bitbucket serverlt5.2.5
bitbucket serverlt5.3.3
bitbucket serverle5.2.0
bitbucket serverlt5.5.0
bitbucket serverle5.4.0
bitbucket serverlt5.1.7

Name	Operator	Version
bitbucket server	le	5.3.0
bitbucket server	lt	5.4.1
bitbucket server	le	5.1.0
bitbucket server	lt	5.2.5
bitbucket server	lt	5.3.3
bitbucket server	le	5.2.0
bitbucket server	lt	5.5.0
bitbucket server	le	5.4.0
bitbucket server	lt	5.1.7

cve 6

prion 6

atlassian 1

nvd 6

cvelist 6

suse 4

openvas 26

ubuntu 1

fedora 2

osv 7

alpinelinux 1

nessus 36

centos 2

redhat 5

oraclelinux 2

amazon 1

archlinux 2

ubuntucve 5

packetstorm 1

redhatcve 3

debian 6

debiancve 5

gentoo 1

cloudfoundry 1

checkpoint_advisories 1

veracode 2

mageia 1

slackware 1

metasploit 1

exploitdb 1

myhack58 1

hackerone 1

ibm 2

freebsd 1

github 1

apple 2

cve

CVE-2017-18087

2018-02-15 13:29:00

CVE-2017-1000117

2017-10-05 01:29:04

CVE-2017-12976

2017-08-20 20:29:00

prion

Code injection

2018-02-15 13:29:00

Security feature bypass

2017-10-05 01:29:00

Sql injection

2017-08-20 20:29:00

atlassian

Argument injection in the download commit resource through the at parameter - CVE-2017-18087

2018-02-02 00:11:43

nvd

CVE-2017-18087

2018-02-15 13:29:00

CVE-2017-1000117

2017-10-05 01:29:04

CVE-2017-12976

2017-08-20 20:29:00

cvelist

CVE-2017-18087

2018-02-15 00:00:00

CVE-2017-1000117

2017-10-04 01:00:00

CVE-2017-12976

2017-08-20 20:00:00

suse

Security update for git (important)

2017-08-17 00:08:53

Security update for git (important)

2017-08-21 18:07:57

Security update for git (important)

2017-09-01 03:10:54

openvas

Ubuntu: Security Advisory (USN-3387-1)

2017-08-11 00:00:00

openSUSE: Security Advisory for git (openSUSE-SU-2017:2182-1)

2017-08-17 00:00:00

RedHat Update for git RHSA-2017:2484-01

2017-08-17 00:00:00

ubuntu

Git vulnerability

2017-08-11 00:00:00

fedora

[SECURITY] Fedora 25 Update: git-2.9.5-1.fc25

2017-08-14 00:56:27

[SECURITY] Fedora 26 Update: git-2.13.5-1.fc26

2017-08-13 20:56:31

osv

CVE-2017-1000117

2017-10-05 01:29:04

git - security update

2017-08-27 00:00:00

git - security update

2017-08-10 00:00:00

alpinelinux

CVE-2017-1000117

2017-10-05 01:29:04

nessus

NewStart CGSL MAIN 4.05 : git Vulnerability (NS-SA-2019-0120)

2019-08-12 00:00:00

Scientific Linux Security Update : git on SL7.x x86_64 (20170817)

2017-08-22 00:00:00

CentOS 6 : git (CESA-2017:2485)

2017-08-18 00:00:00

centos

emacs, git, gitk, gitweb, perl security update

2017-08-17 10:26:34

emacs, git, gitk, gitweb, perl security update

2017-08-24 09:43:50

redhat

(RHSA-2017:2485) Important: git security update

2017-08-16 21:46:48

(RHSA-2017:2484) Important: git security update

2017-08-16 21:46:19

(RHSA-2017:2491) Important: rh-git29-git security update

2017-08-17 21:33:27

oraclelinux

git security update

2017-08-17 00:00:00

git security update

2017-08-16 00:00:00

amazon

Important: git

2017-08-31 16:00:00

archlinux

[ASA-201708-6] git: arbitrary command execution

2017-08-12 00:00:00

[ASA-201708-7] mercurial: multiple issues

2017-08-12 00:00:00

ubuntucve

CVE-2017-1000117

2017-08-10 00:00:00

CVE-2017-12976

2017-08-20 00:00:00

CVE-2017-16228

2017-10-29 00:00:00

packetstorm

Malicious GIT HTTP Server

2017-08-30 00:00:00

redhatcve

CVE-2017-1000117

2021-03-20 20:53:20

CVE-2017-16228

2017-11-03 14:19:26

CVE-2017-14176

2017-09-12 07:48:25

debian

[SECURITY] [DSA 3934-1] git security update

2017-08-10 19:05:06

[SECURITY] [DSA 3934-1] git security update

2017-08-10 19:05:06

[SECURITY] [DLA 1068-1] git security update

2017-08-27 18:18:39

debiancve

CVE-2017-1000117

2017-10-05 01:29:04

CVE-2017-12976

2017-08-20 20:29:00

CVE-2017-16228

2017-10-29 20:29:00

gentoo

Git: Command injection

2017-09-17 00:00:00

cloudfoundry

USN-3387-1: Git vulnerability | Cloud Foundry

2017-08-17 00:00:00

checkpoint_advisories

Git ssh URL Processing Command Execution (CVE-2017-1000117)

2018-05-02 00:00:00

veracode

Remote Code Execution (RCE)

2019-01-15 09:18:24

Arbitrary Command Execution

2017-10-30 00:47:04

mageia

Updated git packages fix security vulnerability

2017-08-14 01:19:29

slackware

[slackware-security] git

2017-08-11 23:10:53

metasploit

Malicious Git HTTP Server For CVE-2017-1000117

2017-08-13 03:47:44

exploitdb

Git < 2.7.5 - Command Injection (Metasploit)

2017-08-31 00:00:00

myhack58

More mainstream version control system was traced to the presence of the client arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

2017-08-11 00:00:00

hackerone

Internet Bug Bounty: RCE via ssh:// URIs in multiple VCS

2017-08-14 20:53:18

ibm

Security Bulletin: Vulnerabilities in git affect PowerKVM

2018-06-18 01:38:04

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private

2018-07-20 18:56:04

freebsd

Mercurial -- multiple vulnerabilities

2017-08-10 00:00:00

github

Dulwich RCE Vulnerability

2022-05-13 01:44:04

apple

About the security content of Xcode 9

2017-09-19 00:00:00

About the security content of Xcode 9 - Apple Support

2017-11-02 11:30:54

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.552 Medium

EPSS

Percentile

97.7%

JSON

Related for ATLASSIAN:BSERV-10593