CVE-2019-3397

2019-05-2200:00:00

atlassian

www.cve.org

9.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.

CNA Affected

[
  {
    "product": "Bitbucket Data Center",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "5.13.0",
        "versionType": "custom"
      },
      {
        "lessThan": "5.13.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "5.14.0",
        "versionType": "custom"
      },
      {
        "lessThan": "5.14.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "5.15.0",
        "versionType": "custom"
      },
      {
        "lessThan": "5.15.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.0.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.1.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

jira.atlassian.com/browse/BSERV-11706