CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2017-18037
https://notcve.org/view.php?id=CVE-2017-18037
02 Feb 2018 — The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) an... • https://jira.atlassian.com/browse/BSERV-10595 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18038
https://notcve.org/view.php?id=CVE-2017-18038
02 Feb 2018 — The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. El recurso de opciones del repositorio en Atlassian Bitbucket Server, en versiones anteriores a la 5.6.0, permite que atacantes remotos lean la primera línea de archivos arbitrarios mediante una vulnerabilidad de salto de directorio a través del nombre de rama por defecto. • https://jira.atlassian.com/browse/BSERV-10592 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4320
https://notcve.org/view.php?id=CVE-2016-4320
10 Apr 2017 — Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. Atlassian Bitbucket Server en versiones anteriores a 4.7.1 permite a atacantes remotos leer la primera línea de un archivo arbitrario a través de un ataque de salto de directorio en el recurso de solicitudes de extracción. • http://www.securityfocus.com/bid/97515 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •