The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 prior to 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 prior to 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 prior to 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 prior to 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 prior to 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 prior to 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 prior to 5.5.1 (the fixed version for 5.5.x) and prior to 5.6.0 allows remote malicious users to read arbitrary files via a path traversal vulnerability through the name of a git tag.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
atlassian bitbucket |
||
atlassian bitbucket 5.5.2 |
||
atlassian bitbucket 5.5.3 |
||
atlassian bitbucket 5.5.4 |
||
atlassian bitbucket 5.5.5 |
||
atlassian bitbucket 5.5.0 |
||
atlassian bitbucket 5.5.6 |