Lucene search
K

307 matches found

Atlassian
Atlassian
added 2024/12/12 7:14 a.m.31 views

Path Traversal org.springframework:spring-webmvc Dependency in Bitbucket Data Center and Server

This High severity org.springframework:spring-webmvc vulnerability exists in 8.9.0 - 8.9.23 and 8.19.0 to 8.19.12 of Bitbucket Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.5AI score0.54862EPSS
Exploits6
Atlassian
Atlassian
added 2024/09/10 1:15 a.m.33 views

DoS (Denial of Service) org.apache.cxf:cxf-rt-rs-security-jose Dependency in Bitbucket Data Center and Server

This High severity org.apache.cxf:cxf-rt-rs-security-jose Dependency vulnerability was introduced in versions 8.9.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server. This org.apache.cxf:cxf-rt-rs-security-jose Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7AI score0.01269EPSS
Exploits0
Atlassian
Atlassian
added 2024/08/14 7:10 a.m.34 views

DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server

This High severity org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability was introduced in versions 8.9.0 and 8.19.0 of Bitbucket Data Center and Server. This org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.6AI score0.04602EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/07/18 12:0 a.m.4 views

PT-2024-5228 · Atlassian +1 · Bitbucket Data Center/Server +2

Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 3.5.9 Apache CXF versions prior to 3.6.4 Apache CXF versions prior to 4.0.5 Bitbucket Data Center and Server versions 8.9.0 through 8.9.18 Bitbucket Data Center and Server versions 8.18.0 Bitbucket Data Center and...

7.8CVSS7.5AI score0.01269EPSS
Exploits0References19
Atlassian
Atlassian
added 2024/05/10 10:10 a.m.67 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bitbucket Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server...

7.8AI score
Exploits0
Atlassian
Atlassian
added 2024/04/12 12:13 a.m.58 views

Improper Authorization org.springframework.security:spring-security-core Dependency in Bitbucket Data Center and Server

This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data...

8.2CVSS8AI score0.00948EPSS
Exploits0
Veracode
Veracode
added 2024/03/11 5:21 a.m.27 views

Improper Access Control

org.jenkins-ci.plugins, cloudbees-bitbucket-branch-source is vulnerable to Improper access control. The vulnerability is due to flaw in the authorization mechanism in the trust policy "Forks in the same account" allowing changes to Jenkinsfiles from users without write access to the project when...

6.3CVSS6.7AI score0.00556EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2024/03/06 6:52 p.m.27 views

CVE-2024-28152

A flaw was found in jenkins-2-plugins. Multibranch Pipelines with a Bitbucket branch source can be configured to discover pull requests from forks. The trust policy is set to "Forks in the same account" by default. In Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except...

6.3CVSS6.2AI score0.00556EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/03/06 6:30 p.m.30 views

Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

6.3CVSS6.4AI score0.00556EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/03/06 5:15 p.m.11 views

CVE-2024-28152

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

6.3CVSS5.7AI score0.00556EPSS
Exploits0References2
Prion
Prion
added 2024/03/06 5:15 p.m.38 views

Design/Logic Flaw

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

6.6AI score0.00556EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/06 5:1 p.m.18 views

CVE-2024-28152

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

6.6AI score0.00556EPSS
Exploits0References2
CVE
CVE
added 2024/03/06 5:1 p.m.87 views

CVE-2024-28152

CVE-2024-28152 affects the Jenkins Bitbucket Branch Source Plugin (866.vdea_7dcd3008e and earlier, excluding 848.850.v6a_a_2a_234a_c81). The root cause is a misconfigured trust policy for pull requests from forks, where the policy "Forks in the same account" can allow changes to Jenkinsfiles from...

6.3CVSS6.4AI score0.00556EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2024/03/06 5:1 p.m.1 views

CVE-2024-28152

In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...

6.3CVSS6.9AI score0.00556EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:18 a.m.17 views

BIT-GITLAB-2021-39871

In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call...

4.3CVSS4.5AI score0.009EPSS
Exploits0References4
Atlassian
Atlassian
added 2024/01/09 5:45 a.m.40 views

Request Smuggling org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server

This High severity org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability, with a CVSS Score of 7.5...

7.5CVSS6.7AI score0.02651EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/08 8:45 p.m.39 views

DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server

This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.1AI score0.01707EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.17 views

PT-2023-31942 · Kantega +1 · Kantega Saml Sso Oidc Kerberos Single Sign-On +4

Name of the Vulnerable Software and Affected Versions: Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos...

6.1CVSS6.1AI score0.00495EPSS
Exploits0References14
Atlassian
Atlassian
added 2023/10/06 5:44 p.m.35 views

jackson-databind Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.5AI score0.01124EPSS
Exploits1
Atlassian
Atlassian
added 2023/10/04 7:45 p.m.49 views

com.google.code.gson Vulnerability in Bitbucket Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.7CVSS6.8AI score0.1158EPSS
Exploits0
Rows per page
Query Builder