CVE-2019-3397 is a vulnerability in Atlassian Bitbucket
Published on June 3, 2019
Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.
Affected Versions
Atlassian Bitbucket Data Center:
- Versions from 5.13.0 before 5.13.6 are affected.
- Versions from 5.14.0 before 5.14.4 are affected.
- Versions from 5.15.0 before 5.15.3 are affected.
- Versions from 6.0.0 before 6.0.3 are affected.
- Versions from 6.1.0 before 6.1.2 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.