Lucene search
K

307 matches found

Atlassian
Atlassian
added 2025/12/19 4:27 p.m.16 views

DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 8.19.0 and 9.4.0 of Bitbucket Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5, allows an attacker to perform actions to degrade service, which has no impact to...

7.5CVSS8.1AI score0.03389EPSS
Exploits0
Veracode
Veracode
added 2025/12/13 5:6 a.m.20 views

CSRF Bypass

Jenkins Bitbucket Server Integration Plugin is vulnerable to CSRF Bypass. The vulnerability is due to an overly permissive implementation of an extension point that selectively disables cross-site request forgery CSRF protection for specific URLs, where attackers can craft URLs that would bypass...

8.8CVSS5.7AI score0.00285EPSS
Exploits0References2Affected Software1
Atlassian
Atlassian
added 2025/12/12 7:28 a.m.23 views

RCE (Remote Code Execution) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server

This High severity RCE Remote Code Execution vulnerability was introduced in versions 8.19.0, 9.4.0, and 10.0.0 of Bitbucket Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H allows an...

7.5CVSS8.6AI score0.66535EPSS
Exploits4
Atlassian
Atlassian
added 2025/12/12 7:28 a.m.18 views

DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 8.19.0 of Bitbucket Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 8.6, allows an attacker to perform actions to degrade service, which has no impact to confidentiality, no...

8.6CVSS8.1AI score0.01702EPSS
Exploits0
Atlassian
Atlassian
added 2025/12/02 10:27 p.m.15 views

DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Bitbucket Data Center and Server

This High severity DoS Denial of Service Dependency vulnerability, known as CVE-2024-7254, was introduced in version 8.9.0 of Bitbucket Data Center and Server. This vulnerability, with a CVSS Score of 8.7 and a vector of...

8.7CVSS7.6AI score0.02772EPSS
Exploits1
Veracode
Veracode
added 2025/11/20 8:39 a.m.172 views

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a Denial-of-service DoS. The vulnerability is due to improper handling of malformed Bitbucket Server webhook payloads—specifically a non-array repository.links.clone field—which allows an attacker to send a single unauthenticated malicious request that...

7.5CVSS7.1AI score0.00549EPSS
Exploits1References5Affected Software3
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.25 views

Improper Authorization Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-22235

This High severity vulnerability known as CVE-2025-22235 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15, 8.19.16, 8.19.17, 8.19.18, 8.19.19, 8.19.20, 8.19.21, 8.19.23, 8.19.24 of Bitbucket Data...

7.3CVSS7.4AI score0.00358EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.15 views

Cryptographic Failure Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24772

This High severity vulnerability known as CVE-2022-24772 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.01015EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.16 views

Cryptographic Failure Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24771

This High severity vulnerability known as CVE-2022-24771 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.00717EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.18 views

Prototype Pollution Third-Party Dependency in Bitbucket Data Center and Server - CVE-2020-28471

This High severity vulnerability known as CVE-2020-28471 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.3 and a CV...

9.8CVSS6.8AI score0.01092EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.40 views

Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-38819

This High severity vulnerability known as CVE-2024-38819 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Atlassian recommends...

7.5CVSS6.8AI score0.54862EPSS
Exploits6
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.27 views

RCE (Remote Code Execution) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-38999

note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...

10CVSS6.8AI score0.00749EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.15 views

RCE (Remote Code Execution) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-45133

note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...

9.3CVSS6.8AI score0.0052EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.14 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2021-33587

This High severity vulnerability known as CVE-2021-33587 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.02267EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.16 views

Prototype Pollution Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-46175

This High severity vulnerability known as CVE-2022-46175 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.1 and a CV...

8.8CVSS6.8AI score0.09304EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.16 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-31129

This High severity vulnerability known as CVE-2022-31129 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.04923EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.15 views

Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24785

This High severity vulnerability known as CVE-2022-24785 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.05664EPSS
Exploits0
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.19 views

DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-45590

This High severity vulnerability known as CVE-2024-45590 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...

7.5CVSS6.8AI score0.00824EPSS
Exploits1
Atlassian
Atlassian
added 2025/11/14 6:27 a.m.19 views

Command Injection Third-Party Dependency in Bitbucket Data Center and Server - CVE-2021-23337

This High severity vulnerability known as CVE-2021-23337 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.2 and a CV...

7.2CVSS6.8AI score0.2241EPSS
Exploits3
Atlassian
Atlassian
added 2025/11/14 5:27 a.m.15 views

SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-42282

note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...

9.8CVSS6.9AI score0.01613EPSS
Exploits1
Rows per page
Query Builder