Lucene search
K

20 matches found

Github Security Blog
Github Security Blog
added 2026/03/16 8:44 p.m.11 views

File Browser Signup Grants Admin When Default Permissions Include Admin

Summary Any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the default user permissions have perm.admin = true. The signup handler blindly applies all default settings - including Perm.Admin - to the new user without any...

10CVSS6AI score0.00677EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2025/08/21 6:15 p.m.28 views

CVE-2025-52352

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to...

9.8CVSS0.00538EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/21 12:0 a.m.10 views

CVE-2025-52352

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to...

0.00538EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:24 a.m.7 views

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

9.8CVSS8.2AI score0.98076EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2022/11/24 12:0 a.m.28 views

Atlassian Bitbucket 8.4.x < 8.4.2 Command Injection

According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...

9.8CVSS10AI score0.98076EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2022/11/24 12:0 a.m.34 views

Atlassian Bitbucket 8.3.x < 8.3.3 Command Injection

According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...

9.8CVSS10AI score0.98076EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2022/11/24 12:0 a.m.27 views

Atlassian Bitbucket 8.2.x < 8.2.4 Command Injection

According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...

9.8CVSS10AI score0.98076EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2022/11/24 12:0 a.m.45 views

Atlassian Bitbucket < 7.6.19 Command Injection

According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...

9.8CVSS10AI score0.98076EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2022/11/24 12:0 a.m.23 views

Atlassian Bitbucket 8.1.x < 8.1.5 Command Injection

According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is affected by a command injection vulnerability. A remote attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This...

9.8CVSS10AI score0.98076EPSS
Exploits3References2
OSV
OSV
added 2022/11/17 12:15 a.m.1 views

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

9.8CVSS6.1AI score0.98076EPSS
Exploits3References2
NVD
NVD
added 2022/11/17 12:15 a.m.16 views

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

9.8CVSS0.98076EPSS
Exploits3References2
Prion
Prion
added 2022/11/17 12:15 a.m.56 views

Command injection

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

7.5CVSS9.8AI score0.98076EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2022/11/17 12:0 a.m.29 views

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

10AI score0.98076EPSS
Exploits3References2
OSV
OSV
added 2022/10/28 8:15 a.m.4 views

CVE-2022-3735

A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability...

9.8CVSS5.5AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/10/28 12:0 a.m.5 views

seccome Ehoney 安全漏洞

seccome Ehoney is a secure, fast, highly interactive, enterprise-class honeypot management system open-sourced by China's seccome. A security vulnerability exists in seccome Ehoney, which stems from incorrect access control of some unknown handlers in its file /api/public/signup causing an attack...

9.8CVSS8.3AI score0.00454EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/12 12:0 a.m.2 views

PT-2022-5667 · Atlassian · Bitbucket Server +1

Name of the Vulnerable Software and Affected Versions: Atlassian Bitbucket Server and Data Center affected versions not specified Description: The issue is related to a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to...

9.8CVSS9.8AI score0.98076EPSS
Exploits3References17
Atlassian
Atlassian
added 2018/03/15 1:17 a.m.28 views

Honeypot strategy is no longer effectively preventing spam account signup

panel:title=Fix From 3.9.5 onwards we have turned off the honeypot in favour of using captcha anyone affected by this issue just needs to switch the CAPTCHA on...

7.7AI score
Exploits0
Atlassian
Atlassian
added 2008/09/08 8:18 a.m.17 views

default config values restored

This should be for 2.9.1 - this version was not yet available under "affects versions" when filing this bug. After updating from 2.9 to 2.9.1, most of my settings were overwritten by their default values. - public signup got enabled - the language changed back to english instead of german - e-mai...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/09/08 8:18 a.m.21 views

default config values restored

This should be for 2.9.1 - this version was not yet available under "affects versions" when filing this bug. After updating from 2.9 to 2.9.1, most of my settings were overwritten by their default values. - public signup got enabled - the language changed back to english instead of german - e-mai...

0.8AI score
Exploits0
Atlassian
Atlassian
added 2008/09/08 8:18 a.m.19 views

default config values restored

This should be for 2.9.1 - this version was not yet available under "affects versions" when filing this bug. After updating from 2.9 to 2.9.1, most of my settings were overwritten by their default values. - public signup got enabled - the language changed back to english instead of german - e-mai...

0.8AI score
Exploits0Affected Software1
Rows per page
Query Builder