cvelist/2017/18xxx/CVE-2017-18037.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "security@atlassian.com",
      "DATE_PUBLIC" : "2017-02-02T00:00:00",
      "ID" : "CVE-2017-18037",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Bitbucket Server",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "from 3.7.0 prior to 4.14.11"
                              },
                              {
                                 "version_value" : "from 5.0.0 prior to 5.0.9"
                              },
                              {
                                 "version_value" : "from 5.1.0 prior to 5.1.8"
                              },
                              {
                                 "version_value" : "from 5.2.0 prior to 5.2.6"
                              },
                              {
                                 "version_value" : "from 5.3.0 prior to 5.3.4"
                              },
                              {
                                 "version_value" : "from 5.4.0 prior to 5.4.2"
                              },
                              {
                                 "version_value" : "from 5.5.0 prior to 5.5.1"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Atlassian"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Path Traversal"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://jira.atlassian.com/browse/BSERV-10595",
            "refsource" : "CONFIRM",
            "url" : "https://jira.atlassian.com/browse/BSERV-10595"
         }
      ]
   }
}
- Synchronized data. 2018-01-17 18:02:43 -05:00			`{`
- Synchronized data. 2018-02-02 09:04:34 -05:00			`"CVE_data_meta" : {`
			`"ASSIGNER" : "security@atlassian.com",`
			`"DATE_PUBLIC" : "2017-02-02T00:00:00",`
			`"ID" : "CVE-2017-18037",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
Add CVE-2017-18036 CVE-2017-18037 CVE-2017-18038 CVE-2017-18039 CVE-2017-18040 CVE-2017-18041 CVE-2017-18042 CVE-2017-18080 CVE-2017-18081 CVE-2017-18082 CVE-2017-18083 CVE-2017-18084 CVE-2017-18085 CVE-2017-18086 . 2018-02-02 16:50:18 +11:00			`{`
- Synchronized data. 2018-02-02 09:04:34 -05:00			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "Bitbucket Server",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "from 3.7.0 prior to 4.14.11"`
			`},`
			`{`
			`"version_value" : "from 5.0.0 prior to 5.0.9"`
			`},`
			`{`
			`"version_value" : "from 5.1.0 prior to 5.1.8"`
			`},`
			`{`
			`"version_value" : "from 5.2.0 prior to 5.2.6"`
			`},`
			`{`
			`"version_value" : "from 5.3.0 prior to 5.3.4"`
			`},`
			`{`
			`"version_value" : "from 5.4.0 prior to 5.4.2"`
			`},`
			`{`
			`"version_value" : "from 5.5.0 prior to 5.5.1"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Atlassian"`
Add CVE-2017-18036 CVE-2017-18037 CVE-2017-18038 CVE-2017-18039 CVE-2017-18040 CVE-2017-18041 CVE-2017-18042 CVE-2017-18080 CVE-2017-18081 CVE-2017-18082 CVE-2017-18083 CVE-2017-18084 CVE-2017-18085 CVE-2017-18086 . 2018-02-02 16:50:18 +11:00			`}`
- Synchronized data. 2018-02-02 09:04:34 -05:00			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			"value" : "The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag."
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Path Traversal"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://jira.atlassian.com/browse/BSERV-10595",`
			`"refsource" : "CONFIRM",`
- Synchronized data. 2018-02-02 09:04:34 -05:00			`"url" : "https://jira.atlassian.com/browse/BSERV-10595"`
			`}`
			`]`
			`}`
- Synchronized data. 2018-01-17 18:02:43 -05:00			`}`