[BSERV-10595] Path traversal through the name of a git tag in the git repository tag rest resource - CVE-2017-18037 - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 5.3.4, 5.4.2, 5.0.9, 5.1.8, 5.2.6, 4.14.11, 5.5.1, 5.6.0
Affects Version/s: 3.7.0, 3.11.6, 4.14.10, 5.5.0
Component/s: None
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.

mentioned in: Page Failed to load

Form Name

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Security Metrics Bot

Affected customers:: 0 This affects my team

Watchers:: 1 Start watching this issue

Created:: 02/Feb/2018 12:12 AM

Updated:: 05/Dec/2019 1:33 AM

Resolved:: 02/Feb/2018 12:52 AM

Details

Description

Attachments

Issue Links

Forms

Activity

[BSERV-10595] Path traversal through the name of a git tag in the git repository tag rest resource - CVE-2017-18037

People

Dates