CVE-2017-18037

Name of the Vulnerable Software and Affected Versions: Atlassian Bitbucket Server versions 3.7.0 through 4.14.10 Atlassian Bitbucket Server versions 5.0.0 through 5.0.8 Atlassian Bitbucket Server versions 5.1.0 through 5.1.7 Atlassian Bitbucket Server versions 5.2.0 through 5.2.5 Atlassian Bitbucket Server versions 5.3.0 through 5.3.3 Atlassian Bitbucket Server versions 5.4.0 through 5.4.1 Atlassian Bitbucket Server versions 5.5.0

Description: The issue allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag in the git repository tag rest resource.

Recommendations: For Atlassian Bitbucket Server versions 3.7.0 through 4.14.10, update to version 4.14.11 or later. For Atlassian Bitbucket Server versions 5.0.0 through 5.0.8, update to version 5.0.9 or later. For Atlassian Bitbucket Server versions 5.1.0 through 5.1.7, update to version 5.1.8 or later. For Atlassian Bitbucket Server versions 5.2.0 through 5.2.5, update to version 5.2.6 or later. For Atlassian Bitbucket Server versions 5.3.0 through 5.3.3, update to version 5.3.4 or later. For Atlassian Bitbucket Server versions 5.4.0 through 5.4.1, update to version 5.4.2 or later. For Atlassian Bitbucket Server version 5.5.0, update to version 5.5.1 or later.