Vulnerabilities > Atlassian > Bitbucket > 5.0.0

DATE CVE VULNERABILITY TITLE RISK
2018-02-02 CVE-2017-18037 Path Traversal vulnerability in Atlassian Bitbucket
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.
network
low complexity
atlassian CWE-22
6.5
2018-02-02 CVE-2017-18036 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Bitbucket
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.
network
low complexity
atlassian CWE-918
4.3