967 matches found
Argument injection in the download commit resource through the at parameter - CVE-2017-18087
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...
Argument injection in the download commit resource through the at parameter - CVE-2017-18087
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...
Atlassian auto-unapprove plugin security bypass vulnerability
Atlassian auto-unapprove plugin is a plugin with auto-unapprove function applied in Bitbucket by Atlassian Australia. A security vulnerability exists in Atlassian auto-unapprove plugin version 3.0.1. An attacker can exploit the vulnerability to bypass the plugin via a brute force attack...
REST API - Improved HTTP Authentication
h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. I...
REST API - Improved HTTP Authentication
h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. I...
CVE-2017-16857
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the...
CVE-2017-16857
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the...
Design/Logic Flaw
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the...
CVE-2017-16857
The CVE-2017-16857 entry concerns the Atlassian auto-unapprove plugin for Bitbucket. Affected component: the auto-unapprove plugin (not bundled with Bitbucket Server). Root cause: bypass of the plugin via minimal brute-force due to reliance on back-end asynchronous events, enabling an attacker to...
Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability(CVE-2017-12087)
Summary An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this...
Atlassian Bitbucket Server Directory Traversal Vulnerability
Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff view, JIRA integration and build integration. A directory traversal vulnerability exists in the pull requests resource in Atlassian...
Weblate: Open redirect in Signing in via Social Sites
Weak Authentication Leads to the Open redirection to Malicios Sites : Signing in via Facebook : + https://hosted.weblate.org/accounts/login/facebook/?next=///evil.com Signing in via Gmail : + https://hosted.weblate.org/accounts/login/google-oauth2/?next=///evil.com Signing in via Github: +...
Atlassian Bitbucket Directory Traversal Vulnerability (BSERV-8819)
Atlassian Bitbucket is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Atlassian Bitbucket Detection (HTTP)
HTTP based detection of Atlassian Bitbucket. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
CVE-2016-4320
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...
CVE-2016-4320
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...
Directory traversal
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...
CVE-2016-4320
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...
CVE-2016-4320
CVE-2016-4320 affects Atlassian Bitbucket Server prior to 4.7.1. A directory traversal in the pull requests resource allows remote attackers to read the first line of an arbitrary file, leaking partial confidentiality. The issue is triggered via a directory traversal path and is limited to the fi...
Atlassian Bitbucket Server 4.x < 4.7.1 Directory Traversal
Binary data 9940.prm...