VYPR
Medium severity6.5NVD Advisory· Published Feb 2, 2018· Updated Jun 17, 2026

CVE-2017-18037

CVE-2017-18037

Description

The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Atlassian/Bitbucket Serverllm-fuzzy2 versions
    <4.14.11, <5.0.9, <5.1.8, <5.2.6, <5.3.4, <5.4.2, <5.5.1, <5.6.0+ 1 more
    • (no CPE)range: <4.14.11, <5.0.9, <5.1.8, <5.2.6, <5.3.4, <5.4.2, <5.5.1, <5.6.0
    • (no CPE)range: from 3.7.0 prior to 4.14.11

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.