cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-21684,https://securityvulnerability.io/vulnerability/CVE-2024-21684,Low Severity Open Redirect Vulnerability Affects Bitbucket Data Center,"There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the supported fixed versions.",Atlassian,Bitbucket Data Center,3.1,LOW,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-07-24T18:00:01.656Z,0
CVE-2023-22513,https://securityvulnerability.io/vulnerability/CVE-2023-22513,Remote Code Execution Vulnerability in Bitbucket Data Center and Server by Atlassian,"A critical Remote Code Execution vulnerability was identified in Bitbucket Data Center and Server starting from version 8.0.0. This security issue permits an authenticated attacker to execute arbitrary code without user interaction, threatening the confidentiality, integrity, and availability of the affected systems. Users are urged to upgrade to the latest version or one of the supported fixed releases to mitigate potential risks.
More details can be found in Atlassian's release notes for Bitbucket.",Atlassian,"Bitbucket Data Center,Bitbucket Server",8.8,HIGH,0.001500000013038516,false,,false,false,false,,,false,false,,2023-09-19T17:15:00.000Z,0
CVE-2022-43781,https://securityvulnerability.io/vulnerability/CVE-2022-43781,Command Injection Vulnerability in Bitbucket Server and Data Center by Atlassian,"A command injection vulnerability exists in Bitbucket Server and Data Center, allowing an unauthenticated attacker with control over their username to execute arbitrary code. If the ‘Allow public signup’ option is enabled, this flaw can be exploited without authentication, potentially compromising the system's integrity.",Atlassian,"Bitbucket Data Center,Bitbucket Server",9.8,CRITICAL,0.4415600001811981,false,,false,false,true,2023-02-13T17:31:06.000Z,true,false,false,,2022-11-17T00:00:01.210Z,0
CVE-2022-36804,https://securityvulnerability.io/vulnerability/CVE-2022-36804,Remote Code Execution in Atlassian Bitbucket Server and Data Center,"The Atlassian Bitbucket Server and Data Center is susceptible to remote code execution via multiple API endpoints. This vulnerability allows remote attackers with read permissions to either public or private repositories to execute arbitrary code by sending carefully crafted HTTP requests. The issue affects several versions of the product, opening up significant risks for users who have not applied the appropriate updates.
Effective mitigation involves ensuring that your instance is updated to the latest secure version, as detailed by the vendor.",Atlassian,"Bitbucket Server,Bitbucket Data Center",8.8,HIGH,0.9734899997711182,true,2022-09-30T00:00:00.000Z,false,false,true,2022-09-30T00:00:00.000Z,true,false,false,,2022-08-25T00:00:00.000Z,0
CVE-2022-26136,https://securityvulnerability.io/vulnerability/CVE-2022-26136,Remote Authentication Bypass Vulnerability in Atlassian Products,"A vulnerability affecting various Atlassian products allows an unauthenticated remote attacker to bypass Servlet Filters utilized by both first and third party applications. The potential impact varies based on the specific filters employed by the applications, leading to possible authentication bypass and cross-site scripting (XSS) exploits. While Atlassian has deployed updates to address the root cause, the comprehensive implications of this vulnerability may not be fully disclosed, highlighting the importance of applying the latest security updates.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.008580000139772892,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26137,https://securityvulnerability.io/vulnerability/CVE-2022-26137,CORS Bypass Vulnerability in Atlassian Products,"A vulnerability in multiple Atlassian products enables a remote attacker to exploit Cross-origin resource sharing (CORS) by sending specially crafted HTTP requests. This can result in unauthorized access to vulnerable applications, permitting the attacker to utilize the permissions of a tricked user who visits a malicious URL.
Affected versions of products, including Bamboo, Bitbucket, Confluence, Crowd, Fisheye, Crucible, Jira, and Jira Service Management, must be updated to mitigate this risk.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",8.8,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26133,https://securityvulnerability.io/vulnerability/CVE-2022-26133,Remote Code Execution Vulnerability in Atlassian Bitbucket Data Center,"A security vulnerability exists in Atlassian Bitbucket Data Center, specifically in the SharedSecretClusterAuthenticator component. This flaw allows a remote, unauthenticated attacker to execute arbitrary code, potentially leading to significant security breaches. The vulnerability arises due to improper handling of Java deserialization, making systems running versions from 5.14.0 up to 7.20.0 susceptible if not properly patched. Users are urged to update their installations promptly to mitigate potential threats.",Atlassian,Bitbucket Data Center,9.8,CRITICAL,0.005810000002384186,false,,false,false,true,2022-06-04T11:31:48.000Z,true,false,false,,2022-04-20T19:15:00.000Z,0
CVE-2020-36233,https://securityvulnerability.io/vulnerability/CVE-2020-36233,Privilege Escalation in Atlassian Bitbucket Server and Data Center by Microsoft,"The Atlassian Bitbucket Server and Data Center, specifically versions prior to 6.10.9 and 7.x before 7.6.4, are vulnerable to privilege escalation due to insufficient permission controls within the installation directory.
Local attackers may exploit these weak permissions to gain elevated access, potentially compromising the system.",Atlassian,"Bitbucket Server,Bitbucket Data Center",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-02-18T20:15:00.000Z,0
CVE-2019-20097,https://securityvulnerability.io/vulnerability/CVE-2019-20097,Remote Code Execution Vulnerability in Bitbucket Server and Data Center by Atlassian,"A vulnerability in Bitbucket Server and Bitbucket Data Center allows remote attackers with certain permissions to exploit the post-receive hook. By uploading a specifically crafted file, an attacker can execute arbitrary commands on the server. This vulnerability affects multiple versions, making it critical for users to update their systems to avoid potential exploits.",Atlassian,"Bitbucket Server,Bitbucket Data Center",8.8,HIGH,0.002859999891370535,false,,false,false,false,,,false,false,,2020-01-15T00:00:00.000Z,0
CVE-2019-15012,https://securityvulnerability.io/vulnerability/CVE-2019-15012,Remote Code Execution Vulnerability in Bitbucket Server and Data Center by Atlassian,"A vulnerability exists in Atlassian's Bitbucket Server and Data Center, which could allow a remote attacker with write permissions to exploit the edit-file endpoint. This flaw enables unauthorized file modifications in the victim's instance, potentially leading to the execution of arbitrary code.
Affected versions include specific releases from 4.13 to 6.9.0, making it crucial for users to ensure their systems are updated to the latest secure versions to mitigate risks.",Atlassian,"Bitbucket Server,Bitbucket Data Center",8.8,HIGH,0.0044200001284480095,false,,false,false,false,,,false,false,,2020-01-15T00:00:00.000Z,0
CVE-2019-15010,https://securityvulnerability.io/vulnerability/CVE-2019-15010,Remote Code Execution Risk in Bitbucket Server and Data Center by Atlassian,"A vulnerability in Bitbucket Server and Bitbucket Data Center allows a remote attacker with user-level permissions to execute arbitrary commands on the affected system. By crafting special payloads submitted through specific user input fields, an attacker can exploit this flaw to gain unauthorized control of the instance. Versions affected span from 3.0.0 to various releases prior to security patches in subsequent versions. Organizations using affected versions should prioritize upgrading to secure their environments against potential exploitation.",Atlassian,"Bitbucket Server,Bitbucket Data Center",8.8,HIGH,0.001990000018849969,false,,false,false,false,,,false,false,,2020-01-15T00:00:00.000Z,0
CVE-2019-15000,https://securityvulnerability.io/vulnerability/CVE-2019-15000,Remote Command Execution Vulnerability in Bitbucket Server and Data Center from Atlassian,"A vulnerability in Atlassian's Bitbucket Server and Data Center allows remote attackers with repository access, potentially anonymously, to exploit public project settings.
This exploitation enables unauthorized reading of arbitrary files and executing commands by injecting additional arguments into git commands, posing significant security risks to the system.",Atlassian,"Bitbucket Server,Bitbucket Data Center",9.8,CRITICAL,0.013530000112950802,false,,false,false,false,,,false,false,,2019-09-19T15:15:00.000Z,0
CVE-2019-3397,https://securityvulnerability.io/vulnerability/CVE-2019-3397,Remote Code Execution Vulnerability in Atlassian Bitbucket Data Center,"This vulnerability affects Atlassian Bitbucket Data Center versions, allowing remote attackers with admin permissions to exploit path traversal vulnerabilities through the Data Center migration tool, potentially leading to remote code execution on the server. It is crucial for users of affected versions to update to the latest fixed releases to safeguard their systems.",Atlassian,Bitbucket Data Center,9.1,CRITICAL,0.004230000078678131,false,,false,false,false,,,false,false,,2019-06-03T14:29:00.000Z,0