Published: 03/06/2019 Updated: 03/06/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 9.1 | Impact Score: 6 | Exploitability Score: 2.3

VMScore: 801

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 prior to 5.13.6 (the fixed version for 5.13.x), from 5.14.0 prior to 5.14.4 (fixed version for 5.14.x), from 5.15.0 prior to 5.15.3 (fixed version for 5.15.x), from 5.16.0 prior to 5.16.3 (fixed version for 5.16.x), from 6.0.0 prior to 6.0.3 (fixed version for 6.0.x), and from 6.1.0 prior to 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.

Vulnerable Product	Search on Vulmon	Subscribe to Product
atlassian bitbucket

BitBucket Tar\/ersal to Remote Code Execution - CVE-2019-3397 Description Atlassian Bitbucket Data Center licensed instances starting with version 5130 before 5136 (the fixed version for 513x), from 5140 before 5144 (fixed version for 514x), from 5150 before 5153 (fixed version for 515x), from 5160 before 5163 (fixed version for 516x), from 600 befor

CWE-22 https://jira.atlassian.com/browse/BSERV-11706 https://nvd.nist.gov https://github.com/gengstah/bitbucket-path-traversal-rce

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-3397

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect