307 matches found
DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 8.19.0 and 9.4.0 of Bitbucket Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5, allows an attacker to perform actions to degrade service, which has no impact to...
CSRF Bypass
Jenkins Bitbucket Server Integration Plugin is vulnerable to CSRF Bypass. The vulnerability is due to an overly permissive implementation of an extension point that selectively disables cross-site request forgery CSRF protection for specific URLs, where attackers can craft URLs that would bypass...
RCE (Remote Code Execution) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server
This High severity RCE Remote Code Execution vulnerability was introduced in versions 8.19.0, 9.4.0, and 10.0.0 of Bitbucket Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H allows an...
DoS (Denial of Service) org.apache.tomcat.embed:tomcat-embed-core Dependency in Bitbucket Data Center and Server
This High severity DoS Denial of Service vulnerability was introduced in version 8.19.0 of Bitbucket Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 8.6, allows an attacker to perform actions to degrade service, which has no impact to confidentiality, no...
DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Bitbucket Data Center and Server
This High severity DoS Denial of Service Dependency vulnerability, known as CVE-2024-7254, was introduced in version 8.9.0 of Bitbucket Data Center and Server. This vulnerability, with a CVSS Score of 8.7 and a vector of...
Denial-of-service (DoS)
github.com/argoproj/argo-cd is vulnerable to a Denial-of-service DoS. The vulnerability is due to improper handling of malformed Bitbucket Server webhook payloads—specifically a non-array repository.links.clone field—which allows an attacker to send a single unauthenticated malicious request that...
Improper Authorization Third-Party Dependency in Bitbucket Data Center and Server - CVE-2025-22235
This High severity vulnerability known as CVE-2025-22235 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15, 8.19.16, 8.19.17, 8.19.18, 8.19.19, 8.19.20, 8.19.21, 8.19.23, 8.19.24 of Bitbucket Data...
Cryptographic Failure Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24772
This High severity vulnerability known as CVE-2022-24772 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...
Cryptographic Failure Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24771
This High severity vulnerability known as CVE-2022-24771 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...
Prototype Pollution Third-Party Dependency in Bitbucket Data Center and Server - CVE-2020-28471
This High severity vulnerability known as CVE-2020-28471 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.3 and a CV...
Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-38819
This High severity vulnerability known as CVE-2024-38819 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Atlassian recommends...
RCE (Remote Code Execution) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-38999
note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...
RCE (Remote Code Execution) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-45133
note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2021-33587
This High severity vulnerability known as CVE-2021-33587 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...
Prototype Pollution Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-46175
This High severity vulnerability known as CVE-2022-46175 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.1 and a CV...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-31129
This High severity vulnerability known as CVE-2022-31129 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...
Path Traversal Third-Party Dependency in Bitbucket Data Center and Server - CVE-2022-24785
This High severity vulnerability known as CVE-2022-24785 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...
DoS (Denial of Service) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2024-45590
This High severity vulnerability known as CVE-2024-45590 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.5 and a CV...
Command Injection Third-Party Dependency in Bitbucket Data Center and Server - CVE-2021-23337
This High severity vulnerability known as CVE-2021-23337 was introduced in 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.2 and a CV...
SSRF (Server-Side Request Forgery) Third-Party Dependency in Bitbucket Data Center and Server - CVE-2023-42282
note: This is a critical vulnerability in a non-Atlassian Bitbucket dependency. However, Atlassian’s application of the dependency presents a lower assessed risk, which is why we are disclosing this vulnerability in our monthly Security Bulletin instead of a Critical Security Advisory. This...