CVE-2017-18087

CVE Database · CVE-2017-18087

CVE-2017-18087

· N/AModified

CVSS v3.1

N/A

EPSS

1.86%

Published

Feb 15, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.

Affected Products (4)

atlassian · bitbucket (up to 5.1.7)vulnerable

atlassian · bitbucket (up to 5.2.5)vulnerable

atlassian · bitbucket (up to 5.3.3)vulnerable

atlassian · bitbucket (up to 5.4.1)vulnerable

References (4)

http://www.securityfocus.com/bid/103038

Third Party AdvisoryVDB Entry

https://jira.atlassian.com/browse/BSERV-10593

Vendor Advisory

http://www.securityfocus.com/bid/103038

Third Party AdvisoryVDB Entry

https://jira.atlassian.com/browse/BSERV-10593

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs