The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Atlassian

Bitbucket Server

Affected Versions:

from 3.7.0 prior to 4.14.11 from 5.0.0 prior to 5.0.9 from 5.1.0 prior to 5.1.8 from 5.2.0 prior to 5.2.6 from 5.3.0 prior to 5.3.4 from 5.4.0 prior to 5.4.2 from 5.5.0 prior to 5.5.1

References

https://jira.atlassian.com/browse/BSERV-10595

Published: 2018-02-02T14:00:00Z

Last Modified: 2024-09-16T20:27:24.181Z

Copied to clipboard!