The Git repository tag REST resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a Git tag.
                
References

| Link | Resource |
|---|---|
| https://jira.atlassian.com/browse/BSERV-10595 | Vendor Advisory |

History
No history.
Information
Published : 2018-02-02 14:29
Updated : 2024-11-21 03:19
NVD link : CVE-2017-18037
Mitre link : CVE-2017-18037
CVE.ORG link : CVE-2017-18037
Products Affected
atlassian
- bitbucket
CWE
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
