307 matches found
The vulnerability of the Git Bitbucket Server and Data Center-based code deployment, management, and collaboration tools lies in insufficient validation of input data, allowing a perpetrator to execute arbitrary code.
The vulnerability of the Git Bitbucket Server and Data Center-based code deployment, management, and collaboration tools is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-22513
CVE-2023-22513 is a high-severity remote code execution vulnerability in Bitbucket Data Center/Server, introduced in v8.0.0. An authenticated attacker can execute arbitrary code with high impact on confidentiality, integrity, and availability, with no user interaction. Fixed versions are specifie...
PT-2023-5577 · Atlassian · Bitbucket Data Center/Server +1
Name of the Vulnerable Software and Affected Versions: Bitbucket Data Center and Server versions 8.0.0 through 8.9.4 Bitbucket Data Center and Server versions 8.10.0 through 8.10.4 Bitbucket Data Center and Server versions 8.11.0 through 8.11.3 Bitbucket Data Center and Server versions 8.12.0...
Bitbucket Data Center and Server Security Vulnerability
Bitbucket Data Center and Server is a data management center from Bitbucket, Inc. A security vulnerability exists in Bitbucket Data Center and Server version 8.0.0. An attacker can exploit the vulnerability to execute arbitrary code...
Authorization Bypass
gitlab is vulnerable to Authorization Bypass. The vulnerability exists because of an instance that has the setting to disable Bitbucket Server import enabled allowing an attacker to bypass by making a crafted API call...
PT-2023-4786 · Atlassian · Confluence +2
Name of the Vulnerable Software and Affected Versions: Okio versions prior to the fixed versions Bitbucket Data Center and Server versions 7.17.0 through 8.14.0 Confluence Data Center and Server versions 7.13.0 through 8.7.0 Description: The issue is related to the GzipSource class in the Okio...
PT-2023-4869
Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to an integer overflow in the compresschar input function of the snappy-java library, which can cause an unrecoverable fatal error. This occurs when the length of the inpu...
PT-2023-4870
Name of the Vulnerable Software and Affected Versions snappy-java versions prior to 1.1.10.1 Description The issue is related to the use of an unchecked chunk length in the hasNextChunk function of the SnappyInputStream class, which can lead to an unrecoverable fatal error. This error occurs when...
Upgrade spring-core for CVE-2023-20860
h3. Issue Summary Bitbucket Server/DC includes the following two libraries, which may be vulnerable to CVE-2023-20860|https://vulners.com/cve/CVE-2023-20860: /app/WEB-INF/lib/spring-core-5.3.23.jar /opensearch/plugins/opensearch-sql/spring-core-5.3.22.jar Bitbucket isn't known to be vulnerable, b...
Atlassian Bitbucket 6.1.x < 6.1.9 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is prior to 5.16.11, 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.7, 6.3.x prior to 6.3.6, 6.4.x prior to 6.4.4, 6.5.x prior to 6.5.3, 6.6.x prior to 6.6.3, 6.7.x prior...
Exploit for Argument Injection in Atlassian Bitbucket
Atlassian-Bitbucket-Server-CVE-2022-36804 A critical command...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804: Pre-Auth RCE in Atlassian Bitbucket Server A c...
Recog Release v3.0.3
Recog Release v3.0.3, which is available now, includes updated fingerprints for Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus; Atlassian Bitbucket Server; and Supervisord Supervisor. It also includes new fingerprints and a number of bug fixes, all of which are detailed...
PT-2022-27618 · Atlassian +3 · Bitbucket Server +5
Name of the Vulnerable Software and Affected Versions: Jettison versions prior to 1.5.2 Bitbucket Data Center and Server versions 7.17.0 through 8.12.0 Description: A stack overflow in Jettison allows attackers to cause a Denial of Service DoS via crafted JSON data. This issue has a high impact o...
PT-2022-6900
Name of the Vulnerable Software and Affected Versions hutool-json version 5.8.10 org.json:json versions prior to 20230227 Bitbucket Data Center and Server versions 7.17.0 through 8.12.0 Description A stack overflow in the XML.toJSONObject component allows attackers to cause a Denial of Service Do...
The vulnerability of the Atlassian Bitbucket Data Center and Bitbucket Server software lies in the lack of measures taken at the management level to clean data, allowing attackers to execute arbitrary code.
The vulnerability of the Atlassian Bitbucket Data Center and Bitbucket Server software-related data processing lies in the lack of measures taken at the management level to clean up data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Atlassian Addresses Issues in Crowd and Bitbucket Products
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Atlassian has two security holes that can be abused to allow arbitrary code execution. CVE-2022-43782 allows an intruder connecting from an IP address on the allow list to authenticate as the crow...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
Command injection
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...