CVE-2017-18037

The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.

Published: Feb 2, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-18037
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
atlassian / bitbucket	3.7.0	4.14.11
atlassian / bitbucket	5.5.0	5.5.0.x
atlassian / bitbucket	5.5.2	5.5.2.x
atlassian / bitbucket	5.5.3	5.5.3.x
atlassian / bitbucket	5.5.4	5.5.4.x
atlassian / bitbucket	5.5.5	5.5.5.x
atlassian / bitbucket	5.5.6	5.5.6.x
atlassian / bitbucket	5.0.0	5.0.9
atlassian / bitbucket	5.1.0	5.1.8
atlassian / bitbucket	5.2.0	5.2.6
atlassian / bitbucket	5.3.0	5.3.4
atlassian / bitbucket	5.4.0	5.4.2

https://jira.atlassian.com/browse/BSERV-10595

Vulnerability Database

289,784

CVE-2017-18037