CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2017-18087
https://notcve.org/view.php?id=CVE-2017-18087
15 Feb 2018 — The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter. El recurso down... • http://www.securityfocus.com/bid/103038 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18088
https://notcve.org/view.php?id=CVE-2017-18088
15 Feb 2018 — Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection. Varios ... • http://www.securityfocus.com/bid/103040 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18036
https://notcve.org/view.php?id=CVE-2017-18036
02 Feb 2018 — The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. El importador de repositorios Github en Atlassian Bitbucket Server, en versiones anteriores a la 5.3.0, permite que atacantes remotos determinen si un servicio al que no hubiesen podido acceder de otra forma tiene puertos abiertos mediante una vulnerabilidad de SSRF (Server-Sid... • http://www.securityfocus.com/bid/102932 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2017-18037
https://notcve.org/view.php?id=CVE-2017-18037
02 Feb 2018 — The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) an... • https://jira.atlassian.com/browse/BSERV-10595 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18038
https://notcve.org/view.php?id=CVE-2017-18038
02 Feb 2018 — The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. El recurso de opciones del repositorio en Atlassian Bitbucket Server, en versiones anteriores a la 5.6.0, permite que atacantes remotos lean la primera línea de archivos arbitrarios mediante una vulnerabilidad de salto de directorio a través del nombre de rama por defecto. • https://jira.atlassian.com/browse/BSERV-10592 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •