Vulnerabilities > Atlassian > Bitbucket > 2.7.4

DATE CVE VULNERABILITY TITLE RISK
2021-02-18 CVE-2020-36233 Incorrect Default Permissions vulnerability in Atlassian Bitbucket
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
local
low complexity
atlassian CWE-276
4.6
4.6
2020-01-15 CVE-2019-20097 Unspecified vulnerability in Atlassian Bitbucket
Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook.
network
low complexity
atlassian
6.5
6.5
2019-11-08 CVE-2019-15005 Missing Authorization vulnerability in Atlassian products
The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check.
network
low complexity
atlassian CWE-862
4.0
4.0
2018-02-02 CVE-2017-18038 Path Traversal vulnerability in Atlassian Bitbucket
The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of arbitrary files via a path traversal vulnerability through the default branch name.
network
low complexity
atlassian CWE-22
5.0
5.0
2018-02-02 CVE-2017-18036 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Bitbucket
The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.
network
low complexity
atlassian CWE-918
4.0
4.0
2017-04-10 CVE-2016-4320 Path Traversal vulnerability in Atlassian Bitbucket
Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal attack on the pull requests resource.
network
low complexity
atlassian CWE-22
4.0
4.0