CVE-2017-18037

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 47.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Bitbucket Atlassian Bitbucket Server

Timeline

PublishedFeb 2

Latest updateMay 14

Description

The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version f…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5atlassian/bitbucket_server7 versions+6

▶NVDatlassian/bitbucket3.7.0 — 4.14.11+11

🔴Vulnerability Details

GHSA

GHSA-hc32-j6f3-59m8: The git repository tag rest resource in Atlassian Bitbucket Server from version 3↗2022-05-14

▶

CVEList

CVE-2017-18037: The git repository tag rest resource in Atlassian Bitbucket Server from version 3↗2018-02-02

▶