VYPR
High severity7.5NVD Advisory· Published Feb 15, 2018· Updated Jun 17, 2026

CVE-2017-18087

CVE-2017-18087

Description

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Atlassian/Bitbucket Serverllm-fuzzy2 versions
    5.1.0 < 5.1.7, 5.2.0 < 5.2.5, 5.3.0 < 5.3.3, 5.4.0 < 5.4.1+ 1 more
    • (no CPE)range: 5.1.0 < 5.1.7, 5.2.0 < 5.2.5, 5.3.0 < 5.3.3, 5.4.0 < 5.4.1
    • (no CPE)range: from 5.1.0 prior to 5.1.7

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.