307 matches found
Path Traversal org.springframework:spring-webmvc Dependency in Bitbucket Data Center and Server
This High severity org.springframework:spring-webmvc vulnerability exists in 8.9.0 - 8.9.23 and 8.19.0 to 8.19.12 of Bitbucket Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.apache.cxf:cxf-rt-rs-security-jose Dependency in Bitbucket Data Center and Server
This High severity org.apache.cxf:cxf-rt-rs-security-jose Dependency vulnerability was introduced in versions 8.9.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server. This org.apache.cxf:cxf-rt-rs-security-jose Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server
This High severity org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability was introduced in versions 8.9.0 and 8.19.0 of Bitbucket Data Center and Server. This org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
PT-2024-5228 · Atlassian +1 · Bitbucket Data Center/Server +2
Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 3.5.9 Apache CXF versions prior to 3.6.4 Apache CXF versions prior to 4.0.5 Bitbucket Data Center and Server versions 8.9.0 through 8.9.18 Bitbucket Data Center and Server versions 8.18.0 Bitbucket Data Center and...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Bitbucket Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data Center and Server...
Improper Authorization org.springframework.security:spring-security-core Dependency in Bitbucket Data Center and Server
This High severity org.springframework.security:spring-security-core Dependency vulnerability was introduced in versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, 8.13.0, 8.14.0-eap01, 8.15.0, 8.16.0, 8.17.0, 8.18.0, and 8.19.0 of Bitbucket Data...
Improper Access Control
org.jenkins-ci.plugins, cloudbees-bitbucket-branch-source is vulnerable to Improper access control. The vulnerability is due to flaw in the authorization mechanism in the trust policy "Forks in the same account" allowing changes to Jenkinsfiles from users without write access to the project when...
CVE-2024-28152
A flaw was found in jenkins-2-plugins. Multibranch Pipelines with a Bitbucket branch source can be configured to discover pull requests from forks. The trust policy is set to "Forks in the same account" by default. In Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except...
Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests
In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...
CVE-2024-28152
In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...
Design/Logic Flaw
In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...
CVE-2024-28152
In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...
CVE-2024-28152
CVE-2024-28152 affects the Jenkins Bitbucket Branch Source Plugin (866.vdea_7dcd3008e and earlier, excluding 848.850.v6a_a_2a_234a_c81). The root cause is a misconfigured trust policy for pull requests from forks, where the policy "Forks in the same account" can allow changes to Jenkinsfiles from...
CVE-2024-28152
In Jenkins Bitbucket Branch Source Plugin 866.vdea7dcd3008e and earlier, except 848.850.v6aa2a234ac81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server...
BIT-GITLAB-2021-39871
In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call...
Request Smuggling org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server
This High severity org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability was introduced in versions 7.21.0, 8.9.0, 8.13.0, 8.14.0, 8.15.0, and 8.16.0 of Bitbucket Data Center and Server. This org.apache.tomcat.embed:tomcat-embed-core Dependency vulnerability, with a CVSS Score of 7.5...
DoS (Denial of Service) org.xerial.snappy:snappy-java Dependency in Bitbucket Data Center and Server
This High severity org.xerial.snappy:snappy-java Dependency vulnerability was introduced in versions 7.21.0, 8.9.0 and 8.13.0 of Bitbucket Data Center and Server. This org.xerial.snappy:snappy-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
PT-2023-31942 · Kantega +1 · Kantega Saml Sso Oidc Kerberos Single Sign-On +4
Name of the Vulnerable Software and Affected Versions: Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos...
jackson-databind Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
com.google.code.gson Vulnerability in Bitbucket Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 7.17.0, 7.21.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, and 8.12.0 of Bitbucket Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...