Path traversal

2019-06-0314:29:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

75.0%

JSON

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.

CPENameOperatorVersion
bitbucketge6.1.0
bitbucketlt6.1.2
bitbucketge6.0.0
bitbucketlt6.0.3
bitbucketge5.16.0
bitbucketlt5.16.3
bitbucketge5.15.0
bitbucketlt5.15.3
bitbucketge5.14.0
bitbucketlt5.14.4

Name	Operator	Version
bitbucket	ge	6.1.0
bitbucket	lt	6.1.2
bitbucket	ge	6.0.0
bitbucket	lt	6.0.3
bitbucket	ge	5.16.0
bitbucket	lt	5.16.3
bitbucket	ge	5.15.0
bitbucket	lt	5.15.3
bitbucket	ge	5.14.0
bitbucket	lt	5.14.4