CVSS: 9.1EPSS: 16%CPEs: 6EXPL: 0CVE-2019-3397 – Bitbucket Path Traversal / Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-3397
23 May 2019 — Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance v... • https://jira.atlassian.com/browse/BSERV-11706 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 2%CPEs: 5EXPL: 0CVE-2018-5225 – Bitbucket Browser Editing Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-5225
22 Mar 2018 — In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository. La edición en navegador de Atlassian ... • http://www.securityfocus.com/bid/103488 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2017-18087
https://notcve.org/view.php?id=CVE-2017-18087
15 Feb 2018 — The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter. El recurso down... • http://www.securityfocus.com/bid/103038 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-18088
https://notcve.org/view.php?id=CVE-2017-18088
15 Feb 2018 — Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection. Varios ... • http://www.securityfocus.com/bid/103040 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18036
https://notcve.org/view.php?id=CVE-2017-18036
02 Feb 2018 — The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. El importador de repositorios Github en Atlassian Bitbucket Server, en versiones anteriores a la 5.3.0, permite que atacantes remotos determinen si un servicio al que no hubiesen podido acceder de otra forma tiene puertos abiertos mediante una vulnerabilidad de SSRF (Server-Sid... • http://www.securityfocus.com/bid/102932 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2017-18037
https://notcve.org/view.php?id=CVE-2017-18037
02 Feb 2018 — The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from version 5.0.0 before 5.0.9 (the fixed version for 5.0.x), from version 5.1.0 before 5.1.8 (the fixed version for 5.1.x), from version 5.2.0 before 5.2.6 (the fixed version for 5.2.x), from version 5.3.0 before 5.3.4 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.2 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.1 (the fixed version for 5.5.x) an... • https://jira.atlassian.com/browse/BSERV-10595 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18038
https://notcve.org/view.php?id=CVE-2017-18038
02 Feb 2018 — The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. El recurso de opciones del repositorio en Atlassian Bitbucket Server, en versiones anteriores a la 5.6.0, permite que atacantes remotos lean la primera línea de archivos arbitrarios mediante una vulnerabilidad de salto de directorio a través del nombre de rama por defecto. • https://jira.atlassian.com/browse/BSERV-10592 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4320
https://notcve.org/view.php?id=CVE-2016-4320
10 Apr 2017 — Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. Atlassian Bitbucket Server en versiones anteriores a 4.7.1 permite a atacantes remotos leer la primera línea de un archivo arbitrario a través de un ataque de salto de directorio en el recurso de solicitudes de extracción. • http://www.securityfocus.com/bid/97515 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •