The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/BSERV-10595 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2018-02-02T14:00:00Z
Updated: 2024-09-16T20:27:24.181Z
Reserved: 2018-01-17T00:00:00
Link: CVE-2017-18037
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-02-02T14:29:00.733
Modified: 2024-11-21T03:19:13.383
Link: CVE-2017-18037
Redhat
No data.