Skip to main content

Bitbucket

11 CVEs product

Monthly

CVE-2022-43781 CRITICAL POC PATCH THREAT Act Now

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Command Injection Bitbucket
NVD
CVSS 3.1
9.8
EPSS
98.1%
CVE-2022-36804 HIGH POC KEV PATCH THREAT Act Now

Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Atlassian Command Injection Bitbucket
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
99.1%
CVE-2022-26137 HIGH PATCH This Week

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian Bamboo Bitbucket Confluence Data Center +8
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-26136 CRITICAL PATCH Act Now

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian XSS Bamboo Bitbucket +9
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2020-14171 MEDIUM This Month

Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Information Disclosure Bitbucket
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-14170 MEDIUM This Month

Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian SSRF Bitbucket
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-15005 MEDIUM This Month

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Troubleshooting And Support Bamboo Bitbucket +5
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2019-15000 CRITICAL Act Now

The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Bitbucket
NVD
CVSS 3.1
9.8
EPSS
7.8%
CVE-2019-3397 CRITICAL Act Now

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Path Traversal RCE Bitbucket
NVD
CVSS 3.0
9.1
EPSS
5.1%
CVE-2018-5225 CRITICAL Act Now

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian RCE Bitbucket
NVD
CVSS 3.0
9.9
EPSS
3.6%
CVE-2016-4320 MEDIUM This Month

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Atlassian Bitbucket
NVD
CVSS 3.0
4.3
EPSS
0.6%
EPSS 98% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Command Injection Bitbucket
NVD
EPSS 99% CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Atlassian Command Injection +1
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian Bamboo +10
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Atlassian XSS +11
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian Information Disclosure Bitbucket
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian SSRF Bitbucket
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Troubleshooting And Support +7
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Bitbucket
NVD
EPSS 5% CVSS 9.1
CRITICAL Act Now

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian Path Traversal RCE +1
NVD
EPSS 4% CVSS 9.9
CRITICAL Act Now

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian RCE Bitbucket
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Atlassian Bitbucket
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy