CVE-2019-3397
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.
Atlassian Bitbucket Data Center con licencias que comienzan con la versión 5.13.0 anterior a la 5.13.6 (la versión fija para 5.13.x), desde la versión 5.14.0 anterior a la 5.14.4 (versión fija para la 5.14.x), desde la versión 5.15.0 hasta la 5.15. 3 (versión fija para 5.15.x), de versión 5.16.0 anterior a 5.16.3 (versión fija de 5.16.x), desde versión 6.0.0 anterior a 6.0.3 (versión fija para 6.0.x), y desde versión 6.1.0 anterior a 6.1.2 (la versión fija para 6.1.x), permite a los atacanterior remotos con permisos de administrador lograr la ejecución de código remota en una instancia del servidor Bitbucket por medio de un salto de path (path trasversal) de la herramienta de migración del Centro de Datos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-12-19 CVE Reserved
- 2019-05-23 CVE Published
- 2023-07-13 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://jira.atlassian.com/browse/BSERV-11706 | 2019-06-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Atlassian Search vendor "Atlassian" | Bitbucket Search vendor "Atlassian" for product "Bitbucket" | >= 5.13.0 < 5.13.6 Search vendor "Atlassian" for product "Bitbucket" and version " >= 5.13.0 < 5.13.6" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Bitbucket Search vendor "Atlassian" for product "Bitbucket" | >= 5.14.0 < 5.14.4 Search vendor "Atlassian" for product "Bitbucket" and version " >= 5.14.0 < 5.14.4" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Bitbucket Search vendor "Atlassian" for product "Bitbucket" | >= 5.15.0 < 5.15.3 Search vendor "Atlassian" for product "Bitbucket" and version " >= 5.15.0 < 5.15.3" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Bitbucket Search vendor "Atlassian" for product "Bitbucket" | >= 5.16.0 < 5.16.3 Search vendor "Atlassian" for product "Bitbucket" and version " >= 5.16.0 < 5.16.3" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Bitbucket Search vendor "Atlassian" for product "Bitbucket" | >= 6.0.0 < 6.0.3 Search vendor "Atlassian" for product "Bitbucket" and version " >= 6.0.0 < 6.0.3" | - |
Affected
| ||||||
| Atlassian Search vendor "Atlassian" | Bitbucket Search vendor "Atlassian" for product "Bitbucket" | >= 6.1.0 < 6.1.2 Search vendor "Atlassian" for product "Bitbucket" and version " >= 6.1.0 < 6.1.2" | - |
Affected
| ||||||