Lucene search
K

307 matches found

BDU FSTEC
BDU FSTEC
added 2023/10/03 12:0 a.m.5 views

The vulnerability of the Git Bitbucket Server and Data Center-based code deployment, management, and collaboration tools lies in insufficient validation of input data, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Git Bitbucket Server and Data Center-based code deployment, management, and collaboration tools is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS8.2AI score0.14329EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2023/09/19 5:0 p.m.107 views

CVE-2023-22513

CVE-2023-22513 is a high-severity remote code execution vulnerability in Bitbucket Data Center/Server, introduced in v8.0.0. An authenticated attacker can execute arbitrary code with high impact on confidentiality, integrity, and availability, with no user interaction. Fixed versions are specifie...

8.8CVSS8AI score0.14329EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2023/09/19 12:0 a.m.3 views

PT-2023-5577 · Atlassian · Bitbucket Data Center/Server +1

Name of the Vulnerable Software and Affected Versions: Bitbucket Data Center and Server versions 8.0.0 through 8.9.4 Bitbucket Data Center and Server versions 8.10.0 through 8.10.4 Bitbucket Data Center and Server versions 8.11.0 through 8.11.3 Bitbucket Data Center and Server versions 8.12.0...

9CVSS8.6AI score0.14329EPSS
Exploits0References24
CNNVD
CNNVD
added 2023/09/19 12:0 a.m.6 views

Bitbucket Data Center and Server Security Vulnerability

Bitbucket Data Center and Server is a data management center from Bitbucket, Inc. A security vulnerability exists in Bitbucket Data Center and Server version 8.0.0. An attacker can exploit the vulnerability to execute arbitrary code...

8.8CVSS7.3AI score0.14329EPSS
Exploits0References4
Veracode
Veracode
added 2023/08/06 7:54 p.m.18 views

Authorization Bypass

gitlab is vulnerable to Authorization Bypass. The vulnerability exists because of an instance that has the setting to disable Bitbucket Server import enabled allowing an attacker to bypass by making a crafted API call...

4.3CVSS6.7AI score0.009EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.3 views

PT-2023-4786 · Atlassian · Confluence +2

Name of the Vulnerable Software and Affected Versions: Okio versions prior to the fixed versions Bitbucket Data Center and Server versions 7.17.0 through 8.14.0 Confluence Data Center and Server versions 7.13.0 through 8.7.0 Description: The issue is related to the GzipSource class in the Okio...

7.8CVSS7.2AI score0.01077EPSS
Exploits1References24
Positive Technologies
Positive Technologies
added 2023/06/15 12:0 a.m.5 views

PT-2023-4869

Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to an integer overflow in the compresschar input function of the snappy-java library, which can cause an unrecoverable fatal error. This occurs when the length of the inpu...

7.8CVSS6.8AI score0.01469EPSS
Exploits0References218
Positive Technologies
Positive Technologies
added 2023/06/15 12:0 a.m.5 views

PT-2023-4870

Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to the use of an unchecked chunk length in the hasNextChunk function of the SnappyInputStream class, which can lead to an unrecoverable fatal error. This error occurs when...

7.8CVSS6.8AI score0.01762EPSS
Exploits1References216
Atlassian
Atlassian
added 2023/05/17 6:46 a.m.105 views

Upgrade spring-core for CVE-2023-20860

h3. Issue Summary Bitbucket Server/DC includes the following two libraries, which may be vulnerable to CVE-2023-20860|https://vulners.com/cve/CVE-2023-20860: /app/WEB-INF/lib/spring-core-5.3.23.jar /opensearch/plugins/opensearch-sql/spring-core-5.3.22.jar Bitbucket isn't known to be vulnerable, b...

7.5CVSS6.7AI score0.03514EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/03/06 12:0 a.m.11 views

Atlassian Bitbucket 6.1.x < 6.1.9 Multiple Vulnerabilities

According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is prior to 5.16.11, 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.7, 6.3.x prior to 6.3.6, 6.4.x prior to 6.4.4, 6.5.x prior to 6.5.3, 6.6.x prior to 6.6.3, 6.7.x prior...

8.8CVSS8.9AI score0.02569EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2023/02/02 1:42 a.m.452 views

Exploit for Argument Injection in Atlassian Bitbucket

Atlassian-Bitbucket-Server-CVE-2022-36804 A critical command...

8.8CVSS9.1AI score0.99077EPSS
Exploits24
GithubExploit
GithubExploit
added 2023/01/23 12:51 p.m.426 views

Exploit for Argument Injection in Atlassian Bitbucket

CVE-2022-36804: Pre-Auth RCE in Atlassian Bitbucket Server A c...

8.8CVSS9.1AI score0.99077EPSS
Exploits24
Rapid7 Blog
Rapid7 Blog
added 2023/01/12 2:20 p.m.71 views

Recog Release v3.0.3

Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor. It also includes new fingerprints and a number of bug fixes, all of which are detailed...

0.1AI score0.9994EPSS
Exploits29
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.2 views

PT-2022-27618 · Atlassian +3 · Bitbucket Server +5

Name of the Vulnerable Software and Affected Versions: Jettison versions prior to 1.5.2 Bitbucket Data Center and Server versions 7.17.0 through 8.12.0 Description: A stack overflow in Jettison allows attackers to cause a Denial of Service DoS via crafted JSON data. This issue has a high impact o...

7.5CVSS6.6AI score0.01395EPSS
Exploits2References36
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.4 views

PT-2022-6900

Name of the Vulnerable Software and Affected Versions hutool-json version 5.8.10 org.json:json versions prior to 20230227 Bitbucket Data Center and Server versions 7.17.0 through 8.12.0 Description A stack overflow in the XML.toJSONObject component allows attackers to cause a Denial of Service Do...

7.8CVSS7.4AI score0.01181EPSS
Exploits5References20
BDU FSTEC
BDU FSTEC
added 2022/11/30 12:0 a.m.7 views

The vulnerability of the Atlassian Bitbucket Data Center and Bitbucket Server software lies in the lack of measures taken at the management level to clean data, allowing attackers to execute arbitrary code.

The vulnerability of the Atlassian Bitbucket Data Center and Bitbucket Server software-related data processing lies in the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.5AI score0.98076EPSS
Exploits3References3Affected Software1
hivepro
hivepro
added 2022/11/23 12:13 p.m.46 views

Atlassian Addresses Issues in Crowd and Bitbucket Products

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Atlassian has two security holes that can be abused to allow arbitrary code execution. CVE-2022-43782 allows an intruder connecting from an IP address on the allow list to authenticate as the crow...

3AI score0.98076EPSS
Exploits3
OSV
OSV
added 2022/11/17 12:15 a.m.1 views

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

9.8CVSS6.1AI score0.98076EPSS
Exploits3References2
NVD
NVD
added 2022/11/17 12:15 a.m.16 views

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

9.8CVSS0.98076EPSS
Exploits3References2
Prion
Prion
added 2022/11/17 12:15 a.m.56 views

Command injection

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

7.5CVSS9.8AI score0.98076EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder