Bitbucket

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-17	CVE-2022-43781	Command Injection vulnerability in Atlassian Bitbucket There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. network low complexity atlassian CWE-77 critical	9.8
2022-08-25	CVE-2022-36804	Unspecified vulnerability in Atlassian Bitbucket Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. network low complexity atlassian	8.8
2022-07-20	CVE-2022-26136	Improper Authentication vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. network low complexity atlassian CWE-287 critical	9.8
2022-07-20	CVE-2022-26137	Origin Validation Error vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. network low complexity atlassian CWE-346	8.8
2021-02-18	CVE-2020-36233	Incorrect Default Permissions vulnerability in Atlassian Bitbucket The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. local low complexity atlassian CWE-276	7.8
2020-07-09	CVE-2020-14171	Cleartext Transmission of Sensitive Information vulnerability in Atlassian Bitbucket Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. network high complexity atlassian CWE-319	6.5
2020-07-09	CVE-2020-14170	Server-Side Request Forgery (SSRF) vulnerability in Atlassian Bitbucket Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability. network low complexity atlassian CWE-918	4.3
2020-01-15	CVE-2019-20097	Unspecified vulnerability in Atlassian Bitbucket Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. network low complexity atlassian	8.8
2020-01-15	CVE-2019-15012	Improper Privilege Management vulnerability in Atlassian Bitbucket Bitbucket Server and Bitbucket Data Center from version 4.13. network low complexity atlassian CWE-269	8.8
2020-01-15	CVE-2019-15010	Command Injection vulnerability in Atlassian Bitbucket Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. network low complexity atlassian CWE-77	8.8