The Git repository tag REST resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a Git tag.
References
| Link | Resource |
|---|---|
| https://jira.atlassian.com/browse/BSERV-10595 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2017-02-02T00:00:00
Updated: 2018-02-02T13:57:01
Reserved: 2018-01-17T00:00:00
Link: CVE-2017-18037
NVD Information
Status: Analyzed
Published: 2018-02-02T14:29:00.733
Modified: 2018-02-24T16:26:43.657
Link: CVE-2017-18037
Redhat Information
No data.
CWE