cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-22513,https://securityvulnerability.io/vulnerability/CVE-2023-22513,Remote Code Execution Vulnerability in Bitbucket Data Center and Server by Atlassian,"A critical Remote Code Execution vulnerability was identified in Bitbucket Data Center and Server starting from version 8.0.0. This security issue permits an authenticated attacker to execute arbitrary code without user interaction, threatening the confidentiality, integrity, and availability of the affected systems. Users are urged to upgrade to the latest version or one of the supported fixed releases to mitigate potential risks. More details can be found in Atlassian's release notes for Bitbucket.",Atlassian,"Bitbucket Data Center,Bitbucket Server",8.8,HIGH,0.001500000013038516,false,,false,false,false,,,false,false,,2023-09-19T17:15:00.000Z,0
CVE-2022-43781,https://securityvulnerability.io/vulnerability/CVE-2022-43781,Command Injection Vulnerability in Bitbucket Server and Data Center by Atlassian,"A command injection vulnerability exists in Bitbucket Server and Data Center, allowing an unauthenticated attacker with control over their username to execute arbitrary code. If the ‘Allow public signup’ option is enabled, this flaw can be exploited without authentication, potentially compromising the system's integrity.",Atlassian,"Bitbucket Data Center,Bitbucket Server",9.8,CRITICAL,0.4415600001811981,false,,false,false,true,2023-02-13T17:31:06.000Z,true,false,false,,2022-11-17T00:00:01.210Z,0
CVE-2022-36804,https://securityvulnerability.io/vulnerability/CVE-2022-36804,Remote Code Execution in Atlassian Bitbucket Server and Data Center,"The Atlassian Bitbucket Server and Data Center is susceptible to remote code execution via multiple API endpoints. This vulnerability allows remote attackers with read permissions to either public or private repositories to execute arbitrary code by sending carefully crafted HTTP requests. The issue affects several versions of the product, opening up significant risks for users who have not applied the appropriate updates. Effective mitigation involves ensuring that your instance is updated to the latest secure version, as detailed by the vendor.",Atlassian,"Bitbucket Server,Bitbucket Data Center",8.8,HIGH,0.9734899997711182,true,2022-09-30T00:00:00.000Z,false,false,true,2022-09-30T00:00:00.000Z,true,false,false,,2022-08-25T00:00:00.000Z,0
CVE-2022-26137,https://securityvulnerability.io/vulnerability/CVE-2022-26137,CORS Bypass Vulnerability in Atlassian Products,"A vulnerability in multiple Atlassian products enables a remote attacker to exploit Cross-origin resource sharing (CORS) by sending specially crafted HTTP requests. This can result in unauthorized access to vulnerable applications, permitting the attacker to utilize the permissions of a tricked user who visits a malicious URL. Affected versions of products, including Bamboo, Bitbucket, Confluence, Crowd, Fisheye, Crucible, Jira, and Jira Service Management, must be updated to mitigate this risk.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",8.8,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2022-26136,https://securityvulnerability.io/vulnerability/CVE-2022-26136,Remote Authentication Bypass Vulnerability in Atlassian Products,"A vulnerability affecting various Atlassian products allows an unauthenticated remote attacker to bypass Servlet Filters utilized by both first and third party applications. The potential impact varies based on the specific filters employed by the applications, leading to possible authentication bypass and cross-site scripting (XSS) exploits. While Atlassian has deployed updates to address the root cause, the comprehensive implications of this vulnerability may not be fully disclosed, highlighting the importance of applying the latest security updates.",Atlassian,"Bamboo Server,Bamboo Data Center,Bitbucket Server,Bitbucket Data Center,Confluence Server,Confluence Data Center,Crowd Server,Crowd Data Center,Crucible,Fisheye,Jira Core Server,Jira Software Server,Jira Software Data Center,Jira Service Management Server,Jira Service Management Data Center",9.8,CRITICAL,0.008580000139772892,false,,false,false,false,,,false,false,,2022-07-20T00:00:00.000Z,0
CVE-2020-36233,https://securityvulnerability.io/vulnerability/CVE-2020-36233,Privilege Escalation in Atlassian Bitbucket Server and Data Center by Microsoft,"The Atlassian Bitbucket Server and Data Center, specifically versions prior to 6.10.9 and 7.x before 7.6.4, are vulnerable to privilege escalation due to insufficient permission controls within the installation directory. Local attackers may exploit these weak permissions to gain elevated access, potentially compromising the system.",Atlassian,"Bitbucket Server,Bitbucket Data Center",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-02-18T20:15:00.000Z,0
CVE-2020-14170,https://securityvulnerability.io/vulnerability/CVE-2020-14170,Server-Side Request Forgery vulnerability in Atlassian Bitbucket Server,"A Server-Side Request Forgery vulnerability in Atlassian Bitbucket Server allows remote attackers to exploit the webhook functionality, granting them access to internal network resources. This can lead to exposure of sensitive data or unauthorized actions within the organization's system. Proper configurations and security measures should be applied to mitigate the impact of this vulnerability.",Atlassian,Bitbucket Server,4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2020-07-09T00:00:00.000Z,0
CVE-2020-14171,https://securityvulnerability.io/vulnerability/CVE-2020-14171,Atlassian Bitbucket Server Vulnerability Allows MITM Attacks on Repository Imports,"This vulnerability in Atlassian Bitbucket Server permits remote attackers to intercept unencrypted repository import requests. Attackers can exploit this flaw by performing a Man-in-the-Middle (MITM) attack, allowing them to capture sensitive data during the communication process. It is crucial for users of affected Bitbucket Server versions to upgrade to version 7.2.4 or later to safeguard against potential exploits.",Atlassian,Bitbucket Server,6.5,MEDIUM,0.0047599999234080315,false,,false,false,false,,,false,false,,2020-07-09T00:00:00.000Z,0
CVE-2019-15012,https://securityvulnerability.io/vulnerability/CVE-2019-15012,Remote Code Execution Vulnerability in Bitbucket Server and Data Center by Atlassian,"A vulnerability exists in Atlassian's Bitbucket Server and Data Center, which could allow a remote attacker with write permissions to exploit the edit-file endpoint. This flaw enables unauthorized file modifications in the victim's instance, potentially leading to the execution of arbitrary code. Affected versions include specific releases from 4.13 to 6.9.0, making it crucial for users to ensure their systems are updated to the latest secure versions to mitigate risks.",Atlassian,"Bitbucket Server,Bitbucket Data Center",8.8,HIGH,0.0044200001284480095,false,,false,false,false,,,false,false,,2020-01-15T00:00:00.000Z,0
CVE-2019-20097,https://securityvulnerability.io/vulnerability/CVE-2019-20097,Remote Code Execution Vulnerability in Bitbucket Server and Data Center by Atlassian,"A vulnerability in Bitbucket Server and Bitbucket Data Center allows remote attackers with certain permissions to exploit the post-receive hook. By uploading a specifically crafted file, an attacker can execute arbitrary commands on the server. This vulnerability affects multiple versions, making it critical for users to update their systems to avoid potential exploits.",Atlassian,"Bitbucket Server,Bitbucket Data Center",8.8,HIGH,0.002859999891370535,false,,false,false,false,,,false,false,,2020-01-15T00:00:00.000Z,0
CVE-2019-15010,https://securityvulnerability.io/vulnerability/CVE-2019-15010,Remote Code Execution Risk in Bitbucket Server and Data Center by Atlassian,"A vulnerability in Bitbucket Server and Bitbucket Data Center allows a remote attacker with user-level permissions to execute arbitrary commands on the affected system. By crafting special payloads submitted through specific user input fields, an attacker can exploit this flaw to gain unauthorized control of the instance. Versions affected span from 3.0.0 to various releases prior to security patches in subsequent versions. Organizations using affected versions should prioritize upgrading to secure their environments against potential exploitation.",Atlassian,"Bitbucket Server,Bitbucket Data Center",8.8,HIGH,0.001990000018849969,false,,false,false,false,,,false,false,,2020-01-15T00:00:00.000Z,0
CVE-2019-15005,https://securityvulnerability.io/vulnerability/CVE-2019-15005,Authorization Bypass in Atlassian Troubleshooting and Support Tools Plugin,"The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 is prone to an authorization bypass vulnerability that enables unprivileged users to perform unauthorized log scans. This flaw allows attackers to send application configuration details to a designated email, potentially exposing sensitive information regarding the application's setup and environment. Affected products include multiple versions of Atlassian’s software suite, making it critical for users to upgrade to mitigate risks associated with this vulnerability.",Atlassian,"Bitbucket Server,Jira Server,Confluence Server,Crowd,Fisheye,Crucible,Bamboo",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-11-08T00:00:00.000Z,0
CVE-2019-15000,https://securityvulnerability.io/vulnerability/CVE-2019-15000,Remote Command Execution Vulnerability in Bitbucket Server and Data Center from Atlassian,"A vulnerability in Atlassian's Bitbucket Server and Data Center allows remote attackers with repository access, potentially anonymously, to exploit public project settings. This exploitation enables unauthorized reading of arbitrary files and executing commands by injecting additional arguments into git commands, posing significant security risks to the system.",Atlassian,"Bitbucket Server,Bitbucket Data Center",9.8,CRITICAL,0.013530000112950802,false,,false,false,false,,,false,false,,2019-09-19T15:15:00.000Z,0
CVE-2018-5225,https://securityvulnerability.io/vulnerability/CVE-2018-5225,,"In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.",Atlassian,Bitbucket Server,9.9,CRITICAL,0.006380000151693821,false,,false,false,false,,,false,false,,2018-03-22T00:00:00.000Z,0
CVE-2017-18087,https://securityvulnerability.io/vulnerability/CVE-2017-18087,,"The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.",Atlassian,Bitbucket Server,7.5,HIGH,0.0027199999894946814,false,,false,false,false,,,false,false,,2018-02-15T00:00:00.000Z,0
CVE-2017-18037,https://securityvulnerability.io/vulnerability/CVE-2017-18037,,"The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) and before 5.6.0 allows remote attackers to read arbitrary files via a path traversal vulnerability through the name of a git tag.",Atlassian,Bitbucket Server,6.5,MEDIUM,0.0018100000452250242,false,,false,false,false,,,false,false,,2018-02-02T14:29:00.000Z,0
CVE-2017-18038,https://securityvulnerability.io/vulnerability/CVE-2017-18038,,The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.,Atlassian,Bitbucket Server,5.3,MEDIUM,0.002749999985098839,false,,false,false,false,,,false,false,,2018-02-02T14:29:00.000Z,0
CVE-2017-18036,https://securityvulnerability.io/vulnerability/CVE-2017-18036,,The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.,Atlassian,Bitbucket Server,4.3,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2018-02-02T14:29:00.000Z,0
CVE-2017-16857,https://securityvulnerability.io/vulnerability/CVE-2017-16857,,"It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.",Atlassian,Auto-unapprove Plugin (for Bitbucket Server),8.5,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2017-12-05T00:00:00.000Z,0
CVE-2016-4320,https://securityvulnerability.io/vulnerability/CVE-2016-4320,,Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.,Atlassian,Atlassian Bitbucket Server Before 4.7.1,4.3,MEDIUM,0.0010000000474974513,false,,false,false,false,,,false,false,,2017-04-10T03:00:00.000Z,0