File Write Vulnerability in Atlassian Bitbucket Server
CVE-2017-18087

7.5HIGH

Key Information:

Vendor: Atlassian
Status: Bitbucket Server
Vendor: CVE Published:; 15 February 2018

Summary

A remote file write vulnerability exists in Atlassian Bitbucket Server versions prior to 5.1.7, 5.2.5, 5.3.3, and 5.4.1 that allows attackers to write files to disk. This may potentially enable code execution or expose internal services through argument injection in the 'at' parameter. Exploitation is particularly concerning if a vulnerable version of Git is being utilized.

Affected Version(s)

Bitbucket Server from 5.1.0 prior to 5.1.7

Bitbucket Server from 5.2.0 prior to 5.2.5

Bitbucket Server from 5.3.0 prior to 5.3.3

References

http://www.securityfocus.com/bid/103038

vdb-entryx_refsource_BID

https://jira.atlassian.com/browse/BSERV-10593

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2018
Vulnerability Reserved
Feb 1, 2018