History: Feb 02, 2017 - 12:00 a.m.

CVE-2017-18037

2017-02-02 00:00:00
atlassian
www.cve.org
EPSS: 0.002 Low

Percentile: 55.4%

The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.

CNA Affected

[
  {
    "product": "Bitbucket Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "status": "affected",
        "version": "from 3.7.0 prior to 4.14.11"
      },
      {
        "status": "affected",
        "version": "from 5.0.0 prior to 5.0.9"
      },
      {
        "status": "affected",
        "version": "from 5.1.0 prior to 5.1.8"
      },
      {
        "status": "affected",
        "version": "from 5.2.0 prior to 5.2.6"
      },
      {
        "status": "affected",
        "version": "from 5.3.0 prior to 5.3.4"
      },
      {
        "status": "affected",
        "version": "from 5.4.0 prior to 5.4.2"
      },
      {
        "status": "affected",
        "version": "from 5.5.0 prior to 5.5.1"
      }
    ]
  }
]
