
29 matches found

NVD
added 4 days ago, 9 views

CVE-2026-13540

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

CVSS: 6.5, EPSS: 0.00227
Exploits: 0, References: 8
EUVD
added 4 days ago, 8 views

EUVD-2026-40038

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

CVSS: 6.5, AI score: 5.5, EPSS: 0.00227
Exploits: 0, References: 8
Cvelist
added 4 days ago, 31 views

CVE-2026-13540 GitBucket RepositoryCreationService.scala Git.cloneRepository.setURI server-side request forgery

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

CVSS: 6.5, EPSS: 0.00227
Exploits: 0, References: 8
ATTACKERKB
added 4 days ago, 6 views

CVE-2026-13540

A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00227
Exploits: 0, References: 8
CVE
added 4 days ago, 12 views

CVE-2026-13540

GitBucket up to 4.46.1 is affected by a vulnerability in Git.cloneRepository.setURI (RepositoryCreationService.scala) that allows server-side request forgery when the argument url is manipulated. This can be exploited remotely. An exploit has been released publicly. The patch identified is 487a9b...

CVSS: 6.5, AI score: 6.2, EPSS: 0.00227
Exploits: 0, References: 8
NVD
added 2026/05/17 1:16 p.m., 21 views

CVE-2018-25332

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

CVSS: 9.8, EPSS: 0.00589
Exploits: 1, References: 4
Vulnrichment
added 2026/05/17 12:11 p.m., 11 views

CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00589
Exploits: 1, References: 4
CVE
added 2026/05/17 12:11 p.m., 17 views

CVE-2018-25332

CVE-2018-25332 - GitBucket 4.23.1 Unauthenticated Remote Code Execution Affected software: GitBucket 4.23.1. Vulnerability: An unauthenticated remote code execution flaw exists due to weak secret token generation and insecure file upload functionality. Adversaries can brute-force the Blowfish enc...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00589
Exploits: 1, References: 4, Affected Software: 1
ATTACKERKB
added 2026/05/17 12:11 p.m., 9 views

CVE-2018-25332

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00589
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2026/05/17 12:11 p.m., 41 views

CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

CVSS: 9.8, EPSS: 0.00589
Exploits: 1, References: 4
Positive Technologies
added 2026/05/17 12:0 a.m., 17 views

PT-2026-41558

Name of the Vulnerable Software and Affected Versions: GitBucket version 4.23.1. Description: An issue allows unauthenticated remote code execution through weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious J...

CVSS: 9.8, AI score: 6.5, EPSS: 0.00589
Exploits: 1, References: 7
CNNVD
added 2026/05/17 12:0 a.m., 9 views

GitBucket Access Control Error Vulnerability

GitBucket is an open-source Git code hosting platform based on Scala. Version 4.23.1 of GitBucket contains a vulnerability related to access control. This vulnerability stems from the generation of weak secret tokens and the insecure file upload feature, which may allow unauthenticated attackers ...

CVSS: 9.8, AI score: 6.1, EPSS: 0.00589
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-0831

Malicious code in bioql PyPI...

CVSS: 8, AI score: 7.7, EPSS: 0.01077
Exploits: 0, References: 4
RedhatCVE
added 2025/05/23 9:55 a.m., 5 views

CVE-2024-28157

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...

CVSS: 8, AI score: 5.4, EPSS: 0.01077
Exploits: 0, References: 1
Veracode
added 2024/03/07 7:31 a.m., 26 views

Cross Site Scripting

org.jenkins-ci.plugins:gitbucket is vulnerable to Cross Site Scripting. The vulnerability is due to inadequate sanitization of GitBucket URLs on build views, allowing attackers with job configuration access to exploit it...

CVSS: 8, AI score: 6.7, EPSS: 0.01077
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2024/03/06 6:30 p.m., 15 views

GHSA-5J74-G3C5-WQWW Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...

CVSS: 8, AI score: 7.1, EPSS: 0.01077
Exploits: 0, References: 4
Github Security Blog
added 2024/03/06 6:30 p.m., 21 views

Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...

CVSS: 8, AI score: 5.5, EPSS: 0.01077
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2024/03/06 5:15 p.m., 12 views

CVE-2024-28157

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...

CVSS: 8, AI score: 5.5, EPSS: 0.01077
Exploits: 0, References: 2
OSV
added 2024/03/06 5:15 p.m., 4 views

CVE-2024-28157

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...

CVSS: 8, AI score: 5.6, EPSS: 0.01077
Exploits: 0, References: 2
Prion
added 2024/03/06 5:15 p.m., 27 views

Cross site scripting

Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs...

AI score: 5.4, EPSS: 0.01077
Exploits: 0, References: 1