CVE-2019-15000

🗓️ 19 Sep 2019 14:24:38Reported by atlassianType

CVE-2019-15000: Bitbucket Server and Data Center before 6.5.2 allows remote attackers to read arbitrary files and execute commands

Reporter	Title	Published	Views	Family All 13
Atlassian	Argument Injection - CVE-2019-15000	5 Sep 201904:14	–	atlassian
Atlassian	Argument Injection - CVE-2019-15000	5 Sep 201904:14	–	atlassian
Cvelist	CVE-2019-15000	19 Sep 201914:24	–	cvelist
NVD	CVE-2019-15000	19 Sep 201915:15	–	nvd
OSV	CVE-2019-15000	19 Sep 201915:15	–	osv
Prion	Command injection	19 Sep 201915:15	–	prion
Tenable Nessus	Atlassian Bitbucket < 5.16.10 Command Injection Vulnerability	11 Oct 201900:00	–	nessus
Tenable Nessus	Atlassian Bitbucket 6.0.x < 6.0.10 Command Injection Vulnerability	11 Oct 201900:00	–	nessus
Tenable Nessus	Atlassian Bitbucket 6.1.x < 6.1.8 Command Injection Vulnerability	11 Oct 201900:00	–	nessus
Tenable Nessus	Atlassian Bitbucket 6.2.x < 6.2.6 Command Injection Vulnerability	11 Oct 201900:00	–	nessus

NVD

Node

atlassian bitbucketRange5.16.0–5.16.10

atlassian bitbucketRange6.0.0–6.0.10

atlassian bitbucketRange6.1.0–6.1.8

atlassian bitbucketRange6.2.0–6.2.6

atlassian bitbucketRange6.3.0–6.3.5

atlassian bitbucketRange6.4.0–6.4.3

atlassian bitbucketRange6.5.0–6.5.2

[
  {
    "product": "Bitbucket Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "5.16.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.0.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.1.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.2.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.2.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.3.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.3.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.4.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.5.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.5.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Bitbucket Data Center",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "5.16.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.0.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.1.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.2.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.2.6",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.3.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.3.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.4.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "6.5.0",
        "versionType": "custom"
      },
      {
        "lessThan": "6.5.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
seclists	www.seclists.org/bugtraq/2019/Sep/43
jira	www.jira.atlassian.com/browse/BSERV-11947
packetstormsecurity	www.packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html

21 Nov 2024 04:27Current

9.5High risk

Vulners AI Score9.5

CVSS 26.8

CVSS 3.19.8

EPSS0.11046

CWE-78