Directory traversal

2017-04-1003:59:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.2%

JSON

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.

CPENameOperatorVersion
bitbucketlt4.7.1

CPE	Name	Operator	Version
	bitbucket	lt	4.7.1

References

www.securityfocus.com/bid/97515

confluence.atlassian.com/bitbucketserver/bitbucket-server-4-7-release-notes-829052416.html

jira.atlassian.com/browse/BSERV-8819