Path Traversal Vulnerability in Atlassian Bitbucket Server
CVE-2017-18037

6.5MEDIUM

Key Information:

Vendor: Atlassian
Status: Bitbucket Server
Vendor: CVE Published:; 2 February 2018

Summary

A path traversal vulnerability exists in Atlassian Bitbucket Server that allows remote attackers to read sensitive files on the server by exploiting the git repository tag rest resource. This security flaw affects multiple versions and can potentially expose privileged information, making it critical for users to update to fixed versions promptly.

Affected Version(s)

Bitbucket Server from 3.7.0 prior to 4.14.11

Bitbucket Server from 5.0.0 prior to 5.0.9

Bitbucket Server from 5.1.0 prior to 5.1.8

References

https://jira.atlassian.com/browse/BSERV-10595

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2018
Vulnerability Reserved
Jan 17, 2018