Vulnerabilities > Atlassian > Bitbucket > 7.1.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-17 | CVE-2022-43781 | Command Injection vulnerability in Atlassian Bitbucket There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. | 9.8 |
2022-08-25 | CVE-2022-36804 | Unspecified vulnerability in Atlassian Bitbucket Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. | 8.8 |
2021-02-18 | CVE-2020-36233 | Incorrect Default Permissions vulnerability in Atlassian Bitbucket The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. | 4.6 |
2020-07-09 | CVE-2020-14171 | Cleartext Transmission of Sensitive Information vulnerability in Atlassian Bitbucket Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack. | 5.8 |
2020-07-09 | CVE-2020-14170 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Bitbucket Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability. | 4.0 |