Vulnerability Description
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk, potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and/or determine if an internal service exists, via an argument injection vulnerability in the at parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Bitbucket | >= 5.1.0, < 5.1.7 |
References
- http://www.securityfocus.com/bid/103038 (Third Party Advisory, VDB Entry)
- https://jira.atlassian.com/browse/BSERV-10593 (Vendor Advisory)
FAQ
What is CVE-2017-18087?
CVE-2017-18087 is a vulnerability with a CVSS score of 7.5 (HIGH). The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5....
How severe is CVE-2017-18087?
CVE-2017-18087 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-18087?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Bitbucket.