Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bitbucket vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2017-18037
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 prior to 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 prior to 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 prior to 5.1.8 (the fixed version for 5.1.x), from version 5....
Atlassian Bitbucket
Atlassian Bitbucket 5.5.2
Atlassian Bitbucket 5.5.3
Atlassian Bitbucket 5.5.4
Atlassian Bitbucket 5.5.5
Atlassian Bitbucket 5.5.0
Atlassian Bitbucket 5.5.6
NA
CVE-2023-22513
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated malicious user to execute arbitrary code which has h...
Atlassian Bitbucket Server
Atlassian Bitbucket Server 8.13.0
Atlassian Bitbucket Data Center 8.13.0
Atlassian Bitbucket Data Center
6
CVSSv2
CVE-2017-16857
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an malicious user to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugi...
Atlassian Bitbucket Auto Unapprove Plugin 1.1.0
Atlassian Bitbucket Auto Unapprove Plugin 2.0.1
Atlassian Bitbucket Auto Unapprove Plugin 2.2.0
Atlassian Bitbucket Auto Unapprove Plugin 1.0.0
Atlassian Bitbucket Auto Unapprove Plugin 1.2.0
Atlassian Bitbucket Auto Unapprove Plugin 3.0.0
Atlassian Bitbucket Auto Unapprove Plugin 2.0.2
Atlassian Bitbucket Auto Unapprove Plugin 2.0.4
Atlassian Bitbucket Auto Unapprove Plugin 2.1.1
Atlassian Bitbucket Auto Unapprove Plugin 2.1.3
NA
CVE-2022-36804
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from versi...
Atlassian Bitbucket 8.3.0
Atlassian Bitbucket
16 Github repositories
2 Articles
7.5
CVSSv2
CVE-2022-26133
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later prior to 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated malicious user to execute...
Atlassian Bitbucket Data Center
Atlassian Bitbucket Data Center 7.20.0
2 Github repositories
5.8
CVSSv2
CVE-2022-20619
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing c...
Jenkins Bitbucket Branch Source 737.vdf9dc06105be
Jenkins Bitbucket Branch Source
4
CVSSv2
CVE-2022-20618
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and previous versions allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Bitbucket Branch Source 737.vdf9dc06105be
Jenkins Bitbucket Branch Source
4
CVSSv2
CVE-2017-18036
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote malicious users to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.
Atlassian Bitbucket
5
CVSSv2
CVE-2017-18038
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote malicious users to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.
Atlassian Bitbucket
NA
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbu...
Atlassian Bitbucket
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »