CVE-2017-18037
MEDIUM
Atlassian Bitbucket Path Traversal via Git Tag Name
Title source: llm
Description
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://jira.atlassian.com/browse/BSERV-10595
Scores
CVSS v3
6.5
EPSS
0.0029
EPSS Percentile
52.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (7)
atlassian/bitbucket
5.5.0
atlassian/bitbucket
5.5.2
atlassian/bitbucket
5.5.3
atlassian/bitbucket
5.5.4
atlassian/bitbucket
5.5.5
atlassian/bitbucket
5.5.6
atlassian/bitbucket
3.7.0 - 4.14.11
Published
Feb 02, 2018
Tracked Since
Feb 18, 2026