CVE-2017-18087
moderate-risk
Published 2018-02-15
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk, potentially allowing them to gain code execution, to exploit CVE-2017-1000117 if a vulnerable version of git is in use, and/or to determine whether an internal service exists, via an argument injection vulnerability in the at parameter.
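The description names the vulnerability class (argument injection in the at parameter) but not the mechanism. The Python below is an added example, not Atlassian's code and not taken from the advisory. It assumes the generic argument-injection pattern: a request parameter holding a git ref is placed on a git command line, and a value beginning with '-' is parsed by git as an option instead of a ref. It shows a reject-by-default ref validator, argv construction that uses git's --end-of-options terminator (git 2.24 and later) as a second line of defence, and a check over constructed access-log lines for at= values that start with a dash. The function names, the request path in the sample lines and the exact ref-name rules are assumptions.

```python
"""Argument injection through a git ref parameter: validator, safe argv, log check.

Added example; not Atlassian code. Assumes the generic pattern where a request
parameter such as `at` becomes a git argument and a leading '-' turns it into
an option. Names, paths and rules here are illustrative assumptions.
"""

import re
from urllib.parse import parse_qs, urlsplit

# Conservative subset of git's check-ref-format rules (assumption: a web endpoint
# only needs branch/tag names and hex object ids, so this subset is enough).
_REF_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]{0,255}")
_FORBIDDEN = ("..", "@{", "//", "/.")


def is_safe_ref(value: str) -> bool:
    """True only if `value` can be handed to git without being read as an option."""
    if not value or value.startswith("-"):   # '-x' or '--long' would become an option
        return False
    if not _REF_RE.fullmatch(value):         # rejects spaces, control chars, NUL, etc.
        return False
    if any(tok in value for tok in _FORBIDDEN):
        return False
    if value.endswith((".", "/", ".lock")):
        return False
    return True


def build_resolve_argv(repo_dir: str, ref: str) -> list[str]:
    """argv for resolving a user-supplied ref with subprocess.run(argv) (no shell).

    Validation comes first; `--end-of-options` is a second line of defence so that
    even a dash-prefixed value that slipped through cannot be parsed as an option.
    """
    if not is_safe_ref(ref):
        raise ValueError(f"rejected ref: {ref!r}")
    return ["git", "-C", repo_dir, "rev-parse", "--verify",
            "--end-of-options", f"{ref}^{{commit}}"]


# Request line inside a common-log-format entry: "GET /path?query HTTP/1.1"
_REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_at_params(log_lines: list[str]) -> list[str]:
    """Return every decoded `at` value that starts with '-' from access-log lines."""
    hits = []
    for line in log_lines:
        m = _REQ_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs percent-decodes, so an encoded '=' or '-' is seen as sent to git.
        for value in parse_qs(query, keep_blank_values=True).get("at", []):
            if value.startswith("-"):
                hits.append(value)
    return hits


# Constructed sample log lines (not real traffic); the request path is illustrative
# and the option name is a placeholder, not a real git option.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Feb/2018:10:01:02 +0000] "GET /rest/api/1.0/projects/P/repos/r/browse/README.md?at=refs/heads/master HTTP/1.1" 200 512',
    '10.0.0.9 - - [15/Feb/2018:10:01:07 +0000] "GET /rest/api/1.0/projects/P/repos/r/browse/README.md?at=--some-option%3Dvalue HTTP/1.1" 500 0',
    '10.0.0.9 - - [15/Feb/2018:10:01:09 +0000] "GET /rest/api/1.0/projects/P/repos/r/browse/README.md?at=-v HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    print(suspicious_at_params(SAMPLE_LOG))
    print(build_resolve_argv("/srv/git/r.git", "refs/heads/master"))
```

The validator rejects before any process is spawned; --end-of-options only guards the single git invocation it is placed on, so it complements rather than replaces the allow-list. The log check is intentionally narrow (it only flags a leading dash) so that it can be run over existing access logs without tuning.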
Do I need to act?
EPSS: 1.6% chance of exploitation in the next 30 days (moderate exploit probability)
CISA KEV: not listed; no confirmed active exploitation reported to CISA
Patch status: unknown on this page. The affected ranges in the description stop at 5.1.7, 5.2.5, 5.3.3 and 5.4.1, so those are the releases to confirm as fixed against the vendor advisory (BSERV-10593), along with any mitigation guidance.
CVSS: 7.5/10 (High), attack vector NETWORK, attack complexity HIGH
Affected Products (1): Atlassian Bitbucket Server
Affected Vendors: Atlassian
References
Third Party Advisory
http://www.securityfocus.com/bid/103038
Vendor Advisory
https://jira.atlassian.com/browse/BSERV-10593
Risk score: 31 / 100 (moderate-risk)
Severity: 22/34 · High
Exploitability: 4/34 · Minimal
Exposure: 5/34 · Minimal