Vulnerabilities > Atlassian > Bitbucket > 5.4.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-15 | CVE-2017-18088 | Improper Input Validation vulnerability in Atlassian Bitbucket Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection. | 4.3 |
2018-02-02 | CVE-2017-18038 | Path Traversal vulnerability in Atlassian Bitbucket The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | 5.3 |