atlassian bitbucket

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-43781
>= 7.0.0 and < 7.6.19
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permi
9.8 CRITICAL
CVE-2022-36804
>= 7.0.0 and < 7.6.17
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before versio
8.8 HIGH
CVE-2022-26137
< 7.6.16
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be
8.8 HIGH
CVE-2022-26136
< 7.6.16
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first a
9.8 CRITICAL
CVE-2020-36233
< 6.10.9
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from v
7.8 HIGH
CVE-2020-14171
>= 4.9.0 and < 7.2.4
Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository imp
6.5 MEDIUM
CVE-2020-14170
>= 5.4.0 and < 7.3.1
Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of int
4.3 MEDIUM
CVE-2019-20097
>= 1.0.0 and < 5.6.11
Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from ver
8.8 HIGH
CVE-2019-15012
>= 4.13.0 and < 5.6.11
Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0
8.8 HIGH
CVE-2019-15010
>= 3.0.0 and < 5.6.11
Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before
8.8 HIGH
CVE-2019-15005
< 6.6.0
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic lo
4.3 MEDIUM
CVE-2019-15000
>= 5.16.0 and < 5.16.10
The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 befor
9.8 CRITICAL
CVE-2019-3397
>= 5.13.0 and < 5.13.6
Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from
9.1 CRITICAL
CVE-2018-5225
>= 4.13.0 and < 5.4.8
In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.
9.9 CRITICAL
CVE-2017-18088
>= 5.3.0 and < 5.3.7
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.
4.3 MEDIUM
CVE-2017-18087
>= 5.1.0 and < 5.1.7
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before vers
7.5 HIGH
CVE-2017-18038
< 5.6.0
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line
5.3 MEDIUM
CVE-2017-18037
>= 3.7.0 and < 4.14.11
The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x
6.5 MEDIUM
CVE-2017-18036
< 5.3.0
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a servic
4.3 MEDIUM
CVE-2016-4320
< 4.7.1
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traver
4.3 MEDIUM
CVE-2013-0265
all versions
The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitra
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin