7.5

CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AtlassianBitbucket Version >= 5.1.0 < 5.1.7
AtlassianBitbucket Version >= 5.2.0 < 5.2.5
AtlassianBitbucket Version >= 5.3.0 < 5.3.3
AtlassianBitbucket Version > 5.4.0 < 5.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.79% 0.755
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 1.6 5.9
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/bid/103038
Third Party Advisory
VDB Entry
https://jira.atlassian.com/browse/BSERV-10593
Vendor Advisory