VYPR

Bitbucket Server

by Atlassian

CVEs (24)

  • CVE-2022-36804HigKEVAug 25, 2022
    risk 0.80cvss 8.8epss 0.99

    Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from…

  • CVE-2022-43781CriNov 17, 2022
    risk 0.75cvss 9.8epss 0.98

    There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the…

  • CVE-2018-5225CriMar 22, 2018
    risk 0.65cvss 9.9epss 0.04

    In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x),…

  • CVE-2022-26136CriJul 20, 2022
    risk 0.64cvss 9.8epss 0.04

    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in…

  • CVE-2021-37843CriAug 2, 2021
    risk 0.64cvss 9.8epss 0.02

    The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user account when only the username is known (i.e., no other authentication is provided). The fixed versions are for Jira: 3.6.6.1, 4.0.12, 5.0.5; for Confluence 3.6.6, 4.0.12, 5.0.5; for…

  • CVE-2019-15000CriSep 19, 2019
    risk 0.64cvss 9.8epss 0.08

    The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x),…

  • CVE-2023-22513HigSep 19, 2023
    risk 0.58cvss 8.8epss 0.14

    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high…

  • CVE-2022-26137HigJul 20, 2022
    risk 0.57cvss 8.8epss 0.02

    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this…

  • CVE-2019-20097HigJan 15, 2020
    risk 0.57cvss 8.8epss 0.02

    Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before…

  • CVE-2019-15012HigJan 15, 2020
    risk 0.57cvss 8.8epss 0.02

    Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3,…

  • CVE-2019-15010HigJan 15, 2020
    risk 0.57cvss 8.8epss 0.03

    Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from…

  • CVE-2017-16857HigDec 5, 2017
    risk 0.55cvss 8.5epss 0.01

    It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin,…

  • CVE-2020-36233HigFeb 18, 2021
    risk 0.51cvss 7.8epss 0.00

    The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

  • CVE-2017-18087HigFeb 15, 2018
    risk 0.49cvss 7.5epss 0.02

    The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk…

  • CVE-2016-6668HigJan 23, 2017
    risk 0.49cvss 7.5epss 0.04

    The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for…

  • CVE-2020-14171MedJul 9, 2020
    risk 0.42cvss 6.5epss 0.01

    Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack.

  • CVE-2017-18037MedFeb 2, 2018
    risk 0.42cvss 6.5epss 0.01

    The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0…

  • CVE-2018-19498MedMar 21, 2019
    risk 0.40cvss 6.1epss 0.02

    The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS.

  • CVE-2017-18038MedFeb 2, 2018
    risk 0.35cvss 5.3epss 0.01

    The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.

  • CVE-2020-14170MedJul 9, 2020
    risk 0.28cvss 4.3epss 0.01

    Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability.

Page 1 of 2

VYPR — Vulnerability Intelligence