CVE-2016-4320

CWE-22: Path Traversal (3 documents, 3 sources)
Severity: 4.3 MEDIUM
EPSS: 0.6% (top 30.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 10
Latest update: May 14

Description

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: atlassian_bitbucket_server_before_4.7.1 (Atlassian Bitbucket Server before 4.7.1)
NVD: atlassian/bitbucket < 4.7.1

Vulnerability Details (2)

GHSA: GHSA-mmfc-28m2-824q: Atlassian Bitbucket Server before 4 (2022-05-14)
CVEList: CVE-2016-4320: Atlassian Bitbucket Server before 4 (2017-04-10)