Vulnerabilities > Atlassian > Bitbucket > High

DATE CVE VULNERABILITY TITLE RISK
2022-08-25 CVE-2022-36804 Unspecified vulnerability in Atlassian Bitbucket
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.
network
low complexity
atlassian
8.8
8.8
2022-07-20 CVE-2022-26137 Origin Validation Error vulnerability in Atlassian products
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses.
network
low complexity
atlassian CWE-346
8.8
8.8
2021-02-18 CVE-2020-36233 Incorrect Default Permissions vulnerability in Atlassian Bitbucket
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
local
low complexity
atlassian CWE-276
7.8
7.8
2020-01-15 CVE-2019-20097 Unspecified vulnerability in Atlassian Bitbucket
Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook.
network
low complexity
atlassian
8.8
8.8
2020-01-15 CVE-2019-15012 Improper Privilege Management vulnerability in Atlassian Bitbucket
Bitbucket Server and Bitbucket Data Center from version 4.13.
network
low complexity
atlassian CWE-269
8.8
8.8
2020-01-15 CVE-2019-15010 Command Injection vulnerability in Atlassian Bitbucket
Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields.
network
low complexity
atlassian CWE-77
8.8
8.8
2018-02-15 CVE-2017-18087 Unspecified vulnerability in Atlassian Bitbucket
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.
network
high complexity
atlassian
7.5
7.5