Lucene search
K

967 matches found

Atlassian
Atlassian
added 2018/02/02 12:11 a.m.47 views

Argument injection in the download commit resource through the at parameter - CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...

8.8CVSS8.8AI score0.77823EPSS
Exploits9Affected Software1
Atlassian
Atlassian
added 2018/02/02 12:11 a.m.45 views

Argument injection in the download commit resource through the at parameter - CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...

7.5CVSS5.7AI score0.01789EPSS
Exploits0
CNVD
CNVD
added 2017/12/13 12:0 a.m.3 views

Atlassian auto-unapprove plugin security bypass vulnerability

Atlassian auto-unapprove plugin is a plugin with auto-unapprove function applied in Bitbucket by Atlassian Australia. A security vulnerability exists in Atlassian auto-unapprove plugin version 3.0.1. An attacker can exploit the vulnerability to bypass the plugin via a brute force attack...

8.5CVSS6.8AI score0.00591EPSS
Exploits0References1
Atlassian
Atlassian
added 2017/12/06 4:35 p.m.161 views

REST API - Improved HTTP Authentication

h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. I...

7.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2017/12/06 4:35 p.m.26 views

REST API - Improved HTTP Authentication

h4. Suggestion Description Confluence Server REST API|https://developer.atlassian.com/confdev/confluence-server-rest-api is a simple resource that help administrators to perform operations that would take some time of their day to day activities in a couple seconds, instead of a couple minutes. I...

7.7AI score
Exploits0
OSV
OSV
added 2017/12/05 4:29 p.m.4 views

CVE-2017-16857

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the...

8.5CVSS5.8AI score0.00591EPSS
Exploits0References1
NVD
NVD
added 2017/12/05 4:29 p.m.16 views

CVE-2017-16857

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the...

8.5CVSS8.5AI score0.00591EPSS
Exploits0References1
Prion
Prion
added 2017/12/05 4:29 p.m.19 views

Design/Logic Flaw

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the...

6CVSS8.4AI score0.00591EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2017/12/05 4:0 p.m.59 views

CVE-2017-16857

The CVE-2017-16857 entry concerns the Atlassian auto-unapprove plugin for Bitbucket. Affected component: the auto-unapprove plugin (not bundled with Bitbucket Server). Root cause: bypass of the plugin via minimal brute-force due to reliance on back-end asynchronous events, enabling an attacker to...

8.5CVSS8.4AI score0.00591EPSS
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2017/11/29 12:0 a.m.62 views

Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability(CVE-2017-12087)

Summary An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this...

9.3AI score0.01943EPSS
Exploits3
CNVD
CNVD
added 2017/05/24 12:0 a.m.5 views

Atlassian Bitbucket Server Directory Traversal Vulnerability

Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff view, JIRA integration and build integration. A directory traversal vulnerability exists in the pull requests resource in Atlassian...

4.3CVSS7AI score0.01755EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/04/25 10:32 a.m.12 views

Weblate: Open redirect in Signing in via Social Sites

Weak Authentication Leads to the Open redirection to Malicios Sites : Signing in via Facebook : + https://hosted.weblate.org/accounts/login/facebook/?next=///evil.com Signing in via Gmail : + https://hosted.weblate.org/accounts/login/google-oauth2/?next=///evil.com Signing in via Github: +...

0.7AI score
Exploits0
OpenVAS
OpenVAS
added 2017/04/18 12:0 a.m.41 views

Atlassian Bitbucket Directory Traversal Vulnerability (BSERV-8819)

Atlassian Bitbucket is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS5AI score0.01755EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2017/04/18 12:0 a.m.27 views

Atlassian Bitbucket Detection (HTTP)

HTTP based detection of Atlassian Bitbucket. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.1AI score
Exploits0References1
NVD
NVD
added 2017/04/10 3:59 a.m.26 views

CVE-2016-4320

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...

4.3CVSS4.7AI score0.01755EPSS
Exploits0References3
OSV
OSV
added 2017/04/10 3:59 a.m.4 views

CVE-2016-4320

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...

4.3CVSS5.9AI score0.01755EPSS
Exploits0References3
Prion
Prion
added 2017/04/10 3:59 a.m.17 views

Directory traversal

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...

4CVSS7.2AI score0.01755EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/04/10 3:0 a.m.29 views

CVE-2016-4320

Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource...

4.7AI score0.01755EPSS
Exploits0References3
CVE
CVE
added 2017/04/10 3:0 a.m.45 views

CVE-2016-4320

CVE-2016-4320 affects Atlassian Bitbucket Server prior to 4.7.1. A directory traversal in the pull requests resource allows remote attackers to read the first line of an arbitrary file, leaking partial confidentiality. The issue is triggered via a directory traversal path and is limited to the fi...

4.3CVSS4.7AI score0.01755EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/02/08 12:0 a.m.14 views

Atlassian Bitbucket Server 4.x < 4.7.1 Directory Traversal

Binary data 9940.prm...

4.3CVSS7.3AI score0.01755EPSS
Exploits0References2
Rows per page
Query Builder