[BSERV-10593] Argument injection in the download commit resource through the at parameter - CVE-2017-18087 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.5.0, 5.4.1, 5.1.7, 5.2.5, 5.3.3
Affects Version/s: 5.1.0, 5.2.0, 5.3.0, 5.4.0
Component/s: None
Labels:

Symptom Severity:
Severity 1 - Critical
Bug Fix Policy:
View Atlassian Server bug fix policy

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.

mentioned in: Page Failed to load

Security Metrics Bot added a comment - 02/Feb/2018 12:11 AM - edited

This is an independent assessment and you should evaluate its applicability to your own IT environment.
CVSS v3 score: 8.5 => High severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	High
Privileges Required	Low
User Interaction	None

Scope Metric

Scope	Changed

Impact Metrics

Confidentiality	High
Integrity	High
Availability	High

See http://go.atlassian.com/cvss for more details.

https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Security Metrics Bot added a comment - 02/Feb/2018 12:11 AM - edited This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 8.5 => High severity Exploitability Metrics Attack Vector Network Attack Complexity High Privileges Required Low User Interaction None Scope Metric Scope Changed Impact Metrics Confidentiality High Integrity High Availability High See http://go.atlassian.com/cvss for more details. https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 02/Feb/2018 12:11 AM

Updated:: 05/Dec/2019 1:30 AM

Resolved:: 02/Feb/2018 3:13 AM

Bitbucket Data Center

Details

Description

Attachments

Issue Links

Forms

Activity

[BSERV-10593] Argument injection in the download commit resource through the at parameter - CVE-2017-18087

Collapse comment: Security Metrics Bot added a comment - 02/Feb/2018 12:11 AM, Edited by David Black - 14/Feb/2018 6:26 AM

Expand comment: Security Metrics Bot added a comment - 02/Feb/2018 12:11 AM, Edited by David Black - 14/Feb/2018 6:26 AM

People

Dates

Backbone Issue Sync