CVE-2019-3397

CVE Database · CVE-2019-3397

CVE-2019-3397

· N/AModified

CVSS v3.1

N/A

EPSS

5.06%

Published

Jun 3, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.

Weaknesses (CWE)

CWE-22

Affected Products (6)

atlassian · bitbucket (up to 5.13.6)vulnerable

atlassian · bitbucket (up to 5.14.4)vulnerable

atlassian · bitbucket (up to 5.15.3)vulnerable

atlassian · bitbucket (up to 5.16.3)vulnerable

atlassian · bitbucket (up to 6.0.3)vulnerable

atlassian · bitbucket (up to 6.1.2)vulnerable

References (2)

https://jira.atlassian.com/browse/BSERV-11706

MitigationVendor Advisory

https://jira.atlassian.com/browse/BSERV-11706

MitigationVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs