Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-10595

Path traversal through the name of a git tag in the git repository tag rest resource - CVE-2017-18037

    XMLWordPrintable

    Details

    • Symptom Severity:
      Major

      Description

      The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              security-metrics-bot SecurityB
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: