Path traversal vulnerability in Atlassian Bitbucket Server allows remote attackers to read arbitrary files via a git tag name.

Path traversal vulnerability in Atlassian Bitbucket Server allows remote attackers to read arbitrary files via a git tag name.

CVE-2017-18037 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.

Learn more about our Cis Benchmark Audit For Server Software.