Vulnerabilities > Atlassian > Bitbucket > 2.10.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-20 | CVE-2022-26136 | Improper Authentication vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. | 9.8 |
2022-07-20 | CVE-2022-26137 | Origin Validation Error vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. | 8.8 |
2021-02-18 | CVE-2020-36233 | Incorrect Default Permissions vulnerability in Atlassian Bitbucket The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | 7.8 |
2020-01-15 | CVE-2019-20097 | Unspecified vulnerability in Atlassian Bitbucket Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. | 8.8 |
2019-11-08 | CVE-2019-15005 | Missing Authorization vulnerability in Atlassian products The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. | 4.3 |
2018-02-02 | CVE-2017-18038 | Path Traversal vulnerability in Atlassian Bitbucket The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name. | 5.3 |
2018-02-02 | CVE-2017-18036 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Bitbucket The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. | 4.3 |
2017-04-10 | CVE-2016-4320 | Path Traversal vulnerability in Atlassian Bitbucket Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource. | 4.3 |