CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0CVE-2019-20097
https://notcve.org/view.php?id=CVE-2019-20097
15 Jan 2020 — Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with pe... • https://jira.atlassian.com/browse/BSERV-12099 •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0CVE-2019-15012
https://notcve.org/view.php?id=CVE-2019-15012
15 Jan 2020 — Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permis... • https://jira.atlassian.com/browse/BSERV-12100 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 2%CPEs: 11EXPL: 0CVE-2019-15010
https://notcve.org/view.php?id=CVE-2019-15010
15 Jan 2020 — Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A... • https://jira.atlassian.com/browse/BSERV-12098 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2019-15005
https://notcve.org/view.php?id=CVE-2019-15005
08 Nov 2019 — The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center... • https://herolab.usd.de/security-advisories/usd-2019-0016 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 11%CPEs: 7EXPL: 0CVE-2019-15000 – Bitbucket Server / Data Center Argument Injection
https://notcve.org/view.php?id=CVE-2019-15000
19 Sep 2019 — The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a reposito... • http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 16%CPEs: 6EXPL: 0CVE-2019-3397 – Bitbucket Path Traversal / Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-3397
23 May 2019 — Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance v... • https://jira.atlassian.com/browse/BSERV-11706 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 2%CPEs: 5EXPL: 0CVE-2018-5225 – Bitbucket Browser Editing Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-5225
22 Mar 2018 — In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository. La edición en navegador de Atlassian ... • http://www.securityfocus.com/bid/103488 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2017-18087
https://notcve.org/view.php?id=CVE-2017-18087
15 Feb 2018 — The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter. El recurso down... • http://www.securityfocus.com/bid/103038 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18088
https://notcve.org/view.php?id=CVE-2017-18088
15 Feb 2018 — Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection. Varios ... • http://www.securityfocus.com/bid/103040 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18036
https://notcve.org/view.php?id=CVE-2017-18036
02 Feb 2018 — The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. El importador de repositorios Github en Atlassian Bitbucket Server, en versiones anteriores a la 5.3.0, permite que atacantes remotos determinen si un servicio al que no hubiesen podido acceder de otra forma tiene puertos abiertos mediante una vulnerabilidad de SSRF (Server-Sid... • http://www.securityfocus.com/bid/102932 • CWE-918: Server-Side Request Forgery (SSRF) •