Vulmon
bitbucket vulnerabilities and exploits
4.3
CVSSv3
CVE-2016-4320
Atlassian Bitbucket Server prior to 4.7.1 allows remote malicious users to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
Atlassian Bitbucket
9.8
CVSSv3
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbu...
Atlassian Bitbucket
5.7
CVSSv3
CVE-2023-24428
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and previous versions allows malicious users to trick users into logging in to the attacker's account.
Jenkins Bitbucket Oauth
7.8
CVSSv3
CVE-2019-10460
Jenkins Bitbucket OAuth Plugin 0.9 and previous versions stored credentials unencrypted in the global config.xml configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Jenkins Bitbucket Oauth
9.8
CVSSv3
CVE-2023-24427
Jenkins Bitbucket OAuth Plugin 0.12 and previous versions does not invalidate the previous session on login.
Jenkins Bitbucket Oauth
NA
CVE-2013-0265
The redirect_stderr function in xnbd_common.c in xnbd-server and xnbd-wrapper in xNBD 0.1.0 allows local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log.
Bitbucket Xnbd 0.1.0
8.8
CVSSv3
CVE-2019-1003057
Jenkins Bitbucket Approve Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
Jenkins Bitbucket Approve
5.4
CVSSv3
CVE-2022-28133
Jenkins Bitbucket Server Integration Plugin 3.1.0 and previous versions does not limit URL schemes for callback URLs on OAuth consumers, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create BitBucket Server consumers.
Jenkins Bitbucket Server Integration
5.4
CVSSv3
CVE-2022-28134
Jenkins Bitbucket Server Integration Plugin 3.1.0 and previous versions does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to create, view, and delete BitBucket Server consumers.
Jenkins Bitbucket Server Integration
7.5
CVSSv3
CVE-2023-41937
Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 up to and including 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing malicious users to capture Bitbucket...
Jenkins Bitbucket Push And Pull Request