Search a vulnerability

All the vulnerabilites related to Atlassian - Bitbucket Data Center

cve-2022-26137

Vulnerability from cvelistv5

Published

2022-07-20 17:25

Modified

2024-10-03 17:10

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BAM-21795	x_refsource_MISC
	https://jira.atlassian.com/browse/BSERV-13370	x_refsource_MISC
	https://jira.atlassian.com/browse/CONFSERVER-79476	x_refsource_MISC
	https://jira.atlassian.com/browse/CWD-5815	x_refsource_MISC
	https://jira.atlassian.com/browse/FE-7410	x_refsource_MISC
	https://jira.atlassian.com/browse/CRUC-8541	x_refsource_MISC
	https://jira.atlassian.com/browse/JRASERVER-73897	x_refsource_MISC
	https://jira.atlassian.com/browse/JSDSERVER-11863	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Atlassian	Bamboo Server
	Atlassian	Bamboo Data Center
	Atlassian	Bitbucket Server
	Atlassian	Bitbucket Data Center
	Atlassian	Confluence Server
	Atlassian	Confluence Data Center
	Atlassian	Crowd Server
	Atlassian	Crowd Data Center
	Atlassian	Crucible
	Atlassian	Fisheye
	Atlassian	Jira Core Server
	Atlassian	Jira Software Server
	Atlassian	Jira Software Data Center
	Atlassian	Jira Service Management Server
	Atlassian	Jira Service Management Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BAM-21795"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-13370"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CWD-5815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/FE-7410"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CRUC-8541"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bamboo",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.2.10",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.9",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.1.8",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.4",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.6.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.8",
                "status": "affected",
                "version": "7.7.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.19.5",
                "status": "affected",
                "version": "7.18.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.20.2",
                "status": "affected",
                "version": "7.20.1",
                "versionType": "custom"
              },
              {
                "lessThan": "7.21.2",
                "status": "affected",
                "version": "7.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.3.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.4.2",
                "status": "affected",
                "version": "4.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crucible",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fisheye",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-26137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T16:48:52.174175Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T17:10:16.886Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bamboo Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bamboo Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Crowd Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crowd Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crucible",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Fisheye",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Core Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-180",
              "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-20T17:25:23",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BAM-21795"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-13370"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CWD-5815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/FE-7410"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CRUC-8541"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-07-20T00:00:00",
          "ID": "CVE-2022-26137",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bamboo Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bamboo Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crucible",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fisheye",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Core Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BAM-21795",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "name": "https://jira.atlassian.com/browse/BSERV-13370",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "name": "https://jira.atlassian.com/browse/CWD-5815",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "name": "https://jira.atlassian.com/browse/FE-7410",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "name": "https://jira.atlassian.com/browse/CRUC-8541",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-26137",
    "datePublished": "2022-07-20T17:25:23.603830Z",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-03T17:10:16.886Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15000

Vulnerability from cvelistv5

Published

2019-09-19 14:24

Modified

2024-09-17 01:41

Severity ?

Summary

The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BSERV-11947	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Sep/43	mailing-list, x_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Server
	Atlassian	Bitbucket Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:52.974Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-11947"
          },
          {
            "name": "20190925 Bitbucket Server security advisory 2019-09-18",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/43"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "5.16.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.2.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.4.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "5.16.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.2.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.4.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Argument Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-25T19:06:12",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-11947"
        },
        {
          "name": "20190925 Bitbucket Server security advisory 2019-09-18",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/43"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2019-09-18T00:00:00",
          "ID": "CVE-2019-15000",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.16.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.0.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.2.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.3.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.4.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.5.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.16.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.0.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.2.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.3.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.4.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Argument Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BSERV-11947",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-11947"
            },
            {
              "name": "20190925 Bitbucket Server security advisory 2019-09-18",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Sep/43"
            },
            {
              "name": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2019-15000",
    "datePublished": "2019-09-19T14:24:38.322739Z",
    "dateReserved": "2019-08-13T00:00:00",
    "dateUpdated": "2024-09-17T01:41:56.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15010

Vulnerability from cvelistv5

Published

2020-01-15 20:46

Modified

2024-09-16 22:56

Severity ?

Summary

Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BSERV-12098	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Server
	Atlassian	Bitbucket Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:53.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-12098"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.16.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.2.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.4.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.6.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.7.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.8.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.9.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.16.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.2.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.4.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.6.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.7.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.8.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.9.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim\u0027s systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Expression Language Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-15T20:46:56",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-12098"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2020-01-15T10:00:00",
          "ID": "CVE-2019-15010",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.16.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.0.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.2.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.3.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.4.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.5.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.6.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.7.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.8.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.8.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.9.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.16.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.0.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.2.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.3.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.4.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.5.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.6.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.7.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.8.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.8.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.9.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.9.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim\u0027s systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Expression Language Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BSERV-12098",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-12098"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2019-15010",
    "datePublished": "2020-01-15T20:46:56.108707Z",
    "dateReserved": "2019-08-13T00:00:00",
    "dateUpdated": "2024-09-16T22:56:09.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26133

Vulnerability from cvelistv5

Published

2022-04-20 18:30

Modified

2024-10-03 14:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BSERV-13173	x_refsource_MISC
	https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-13173"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.6.14",
                "status": "affected",
                "version": "5.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.6",
                "status": "affected",
                "version": "7.7.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.18.4",
                "status": "affected",
                "version": "7.18.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.19.4",
                "status": "affected",
                "version": "7.19.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket_data_center:7.20.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.20.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-26133",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T14:41:09.024921Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T14:55:36.962Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "5.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.14",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.18.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.19.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.20.0"
            }
          ]
        }
      ],
      "datePublic": "2022-03-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Deserialization of untrusted data",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-20T18:30:19",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-13173"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-03-24T23:00:00",
          "ID": "CVE-2022-26133",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "5.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.14"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.18.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.19.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.20.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Deserialization of untrusted data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BSERV-13173",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-13173"
            },
            {
              "name": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html",
              "refsource": "MISC",
              "url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-26133",
    "datePublished": "2022-04-20T18:30:19.225869Z",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-03T14:55:36.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-20097

Vulnerability from cvelistv5

Published

2020-01-15 20:46

Modified

2024-09-16 18:48

Severity ?

Summary

Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BSERV-12099	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Server
	Atlassian	Bitbucket Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:32:10.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-12099"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.16.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.2.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.4.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.6.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.7.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.8.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.9.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.16.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.2.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.4.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.6.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.7.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.8.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.9.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Argument Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-15T20:46:56",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-12099"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2020-01-15T10:00:00",
          "ID": "CVE-2019-20097",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.16.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.0.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.2.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.3.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.4.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.5.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.6.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.7.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.8.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.8.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.9.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.16.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.0.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.2.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.3.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.4.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.5.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.6.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.7.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.8.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.8.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.9.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.9.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Argument Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BSERV-12099",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-12099"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2019-20097",
    "datePublished": "2020-01-15T20:46:56.225730Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T18:48:48.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21684

Vulnerability from cvelistv5

Published

2024-07-24 18:00

Modified

2024-11-05 19:19

Severity ?

3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the supported fixed versions.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BSERV-19454

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21684",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-24T18:45:18.293627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-601",
                "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T19:19:43.760Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:27:36.150Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-19454"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "affected",
              "version": "8.19.1"
            },
            {
              "status": "affected",
              "version": "8.9.0 to 8.9.12"
            },
            {
              "status": "affected",
              "version": "8.8.0 to 8.8.7"
            },
            {
              "status": "affected",
              "version": "8.7.0 to 8.7.5"
            },
            {
              "status": "affected",
              "version": "8.6.0 to 8.6.4"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.4"
            },
            {
              "status": "affected",
              "version": "8.4.0 to 8.4.4"
            },
            {
              "status": "affected",
              "version": "8.3.0 to 8.3.4"
            },
            {
              "status": "affected",
              "version": "8.2.2 to 8.2.4"
            },
            {
              "status": "affected",
              "version": "8.1.3 to 8.1.5"
            },
            {
              "status": "affected",
              "version": "8.0.3 to 8.0.5"
            },
            {
              "status": "unaffected",
              "version": "8.19.2 to 8.19.6"
            },
            {
              "status": "unaffected",
              "version": "8.9.13 to 8.9.17"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Taha YILDIRIM"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2.\n\nThis open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction.\n\nAtlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the  supported fixed versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirect",
              "lang": "en",
              "type": "Open Redirect"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-24T18:00:02.553Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://jira.atlassian.com/browse/BSERV-19454"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2024-21684",
    "datePublished": "2024-07-24T18:00:01.656Z",
    "dateReserved": "2024-01-01T00:05:33.846Z",
    "dateUpdated": "2024-11-05T19:19:43.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-22513

Vulnerability from cvelistv5

Published

2023-09-19 17:00

Modified

2024-08-02 10:13

Severity ?

8.5 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program

References

▼	URL	Tags
	https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616
	https://jira.atlassian.com/browse/BSERV-14419

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Data Center
	Atlassian	Bitbucket Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:13:48.688Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-14419"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.10.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.11.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.12.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.13.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.7.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.8.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.9.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.10.5"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.11.4"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.12.2"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.13.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.14.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.9.5"
            }
          ]
        },
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "\u003c 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.1.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.10.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.11.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.12.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.13.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.2.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.3.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.4.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.5.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.6.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.7.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.8.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.9.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.10.5"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.11.4"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.12.2"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.13.1"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.14.0"
            },
            {
              "status": "unaffected",
              "version": "\u003e= 8.9.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "a private user"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version \u003e= 8.0 and \u003c 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-19T18:30:00.597Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616"
        },
        {
          "url": "https://jira.atlassian.com/browse/BSERV-14419"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2023-22513",
    "datePublished": "2023-09-19T17:00:00.980Z",
    "dateReserved": "2023-01-01T00:01:22.330Z",
    "dateUpdated": "2024-08-02T10:13:48.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-15012

Vulnerability from cvelistv5

Published

2020-01-15 20:46

Modified

2024-09-17 04:24

Severity ?

Summary

Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BSERV-12100	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Server
	Atlassian	Bitbucket Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:53.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-12100"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.13",
              "versionType": "custom"
            },
            {
              "lessThan": "5.16.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.2.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.4.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.6.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.7.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.8.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.9.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.13",
              "versionType": "custom"
            },
            {
              "lessThan": "5.16.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.2.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.4.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.6.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.7.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.8.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.9.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-15T20:46:56",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-12100"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2020-01-15T10:00:00",
          "ID": "CVE-2019-15012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.13"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.16.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.0.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.2.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.3.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.4.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.5.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.6.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.7.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.8.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.8.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.9.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.9.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.13"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.16.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.0.11"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.1.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.2.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.3.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.3.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.4.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.5.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.6.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.6.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.7.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.8.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.8.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.9.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.9.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BSERV-12100",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-12100"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2019-15012",
    "datePublished": "2020-01-15T20:46:56.181070Z",
    "dateReserved": "2019-08-13T00:00:00",
    "dateUpdated": "2024-09-17T04:24:12.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36233

Vulnerability from cvelistv5

Published

2021-02-18 15:16

Modified

2024-09-16 19:30

Severity ?

Summary

The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BSERV-12753	x_refsource_MISC
	https://www.kb.cert.org/vuls/id/240785	third-party-advisory, x_refsource_CERT-VN

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Server
	Atlassian	Bitbucket Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-12753"
          },
          {
            "name": "VU#240785",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/240785"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.10.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.10.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "6.10.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.10.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-02-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-18T19:06:08",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-12753"
        },
        {
          "name": "VU#240785",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/240785"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2021-02-16T00:00:00",
          "ID": "CVE-2020-36233",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.10.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.10.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.10.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.10.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Permission Assignment for Critical Resource"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BSERV-12753",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-12753"
            },
            {
              "name": "VU#240785",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/240785"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2020-36233",
    "datePublished": "2021-02-18T15:16:22.101146Z",
    "dateReserved": "2021-01-27T00:00:00",
    "dateUpdated": "2024-09-16T19:30:12.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-26136

Vulnerability from cvelistv5

Published

2022-07-20 17:25

Modified

2024-10-03 16:43

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BAM-21795	x_refsource_MISC
	https://jira.atlassian.com/browse/BSERV-13370	x_refsource_MISC
	https://jira.atlassian.com/browse/CONFSERVER-79476	x_refsource_MISC
	https://jira.atlassian.com/browse/CWD-5815	x_refsource_MISC
	https://jira.atlassian.com/browse/FE-7410	x_refsource_MISC
	https://jira.atlassian.com/browse/CRUC-8541	x_refsource_MISC
	https://jira.atlassian.com/browse/JRASERVER-73897	x_refsource_MISC
	https://jira.atlassian.com/browse/JSDSERVER-11863	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Atlassian	Bamboo Server
	Atlassian	Bamboo Data Center
	Atlassian	Bitbucket Server
	Atlassian	Bitbucket Data Center
	Atlassian	Confluence Server
	Atlassian	Confluence Data Center
	Atlassian	Crowd Server
	Atlassian	Crowd Data Center
	Atlassian	Crucible
	Atlassian	Fisheye
	Atlassian	Jira Core Server
	Atlassian	Jira Software Server
	Atlassian	Jira Software Data Center
	Atlassian	Jira Service Management Server
	Atlassian	Jira Service Management Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:56:37.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BAM-21795"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-13370"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CWD-5815"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/FE-7410"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/CRUC-8541"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bamboo",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.2.10",
                "status": "affected",
                "version": "7.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.9",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.1.8",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.4",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.6.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.8",
                "status": "affected",
                "version": "7.7.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.19.5",
                "status": "affected",
                "version": "7.18.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.20.2",
                "status": "affected",
                "version": "7.20.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.21.2",
                "status": "affected",
                "version": "7.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.0"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.4.17",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.13.7",
                "status": "affected",
                "version": "7.5.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.14.3",
                "status": "affected",
                "version": "7.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.15.2",
                "status": "affected",
                "version": "7.15.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.16.4",
                "status": "affected",
                "version": "7.16.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.4",
                "status": "affected",
                "version": "7.17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "confluence_server",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "7.18.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.3.8",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.4.2",
                "status": "affected",
                "version": "4.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crowd",
            "vendor": "atlassian",
            "versions": [
              {
                "status": "affected",
                "version": "5.0.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crucible",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fisheye",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.8.10",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_data_center",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_server",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "8.13.22",
                "status": "affected",
                "version": "8.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.20.10",
                "status": "affected",
                "version": "8.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.22.4",
                "status": "affected",
                "version": "8.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_desk",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.13.22",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jira_service_management",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "4.20.10",
                "status": "affected",
                "version": "4.14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "4.22.4",
                "status": "affected",
                "version": "4.21.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-26136",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-03T15:26:49.090400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-03T16:43:16.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bamboo Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bamboo Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.0.9",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.6.16",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.19.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.20.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.20.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "8.0.0"
            },
            {
              "status": "affected",
              "version": "8.1.0"
            }
          ]
        },
        {
          "product": "Confluence Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Confluence Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "7.4.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.13.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.14.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.16.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.16.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "7.18.0"
            }
          ]
        },
        {
          "product": "Crowd Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crowd Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "5.0.0"
            }
          ]
        },
        {
          "product": "Crucible",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Fisheye",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.8.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Core Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Software Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "8.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Jira Service Management Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "4.13.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.20.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "4.21.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.22.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-07-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-180",
              "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-20T17:25:18",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BAM-21795"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-13370"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CWD-5815"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/FE-7410"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/CRUC-8541"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2022-07-20T00:00:00",
          "ID": "CVE-2022-26136",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bamboo Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bamboo Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.0.9"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.1.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.2.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.2.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.6.16"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.7.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.18.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.19.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.20.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.20.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.21.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Confluence Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4.17"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.5.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.13.7"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.14.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.15.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.16.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.16.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.17.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "7.18.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crowd Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.3.8"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.4.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "5.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Crucible",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fisheye",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.8.10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Core Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Software Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "8.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Jira Service Management Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.13.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.20.10"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "4.21.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.22.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BAM-21795",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "name": "https://jira.atlassian.com/browse/BSERV-13370",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "name": "https://jira.atlassian.com/browse/CWD-5815",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "name": "https://jira.atlassian.com/browse/FE-7410",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "name": "https://jira.atlassian.com/browse/CRUC-8541",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-26136",
    "datePublished": "2022-07-20T17:25:18.803466Z",
    "dateReserved": "2022-02-25T00:00:00",
    "dateUpdated": "2024-10-03T16:43:16.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-3397

Vulnerability from cvelistv5

Published

2019-06-03 13:44

Modified

2024-09-16 17:47

Severity ?

Summary

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BSERV-11706	x_refsource_MISC

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:12:09.402Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-11706"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "5.13.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.13.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "5.14.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.14.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "5.15.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.15.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-05-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Path Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-03T13:44:05",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.atlassian.com/browse/BSERV-11706"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "DATE_PUBLIC": "2019-05-22T10:00:00",
          "ID": "CVE-2019-3397",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bitbucket Data Center",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "5.13.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.13.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "5.14.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.14.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "5.15.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.15.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.0.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "6.1.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "6.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Atlassian"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BSERV-11706",
              "refsource": "MISC",
              "url": "https://jira.atlassian.com/browse/BSERV-11706"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2019-3397",
    "datePublished": "2019-06-03T13:44:05.862975Z",
    "dateReserved": "2018-12-19T00:00:00",
    "dateUpdated": "2024-09-16T17:47:59.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-43781

Vulnerability from cvelistv5

Published

2022-11-17 00:00

Modified

2024-10-02 14:56

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.

References

▼	URL	Tags
	https://confluence.atlassian.com/x/Y4hXRg
	https://jira.atlassian.com/browse/BSERV-13522

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Data Center
	Atlassian	Bitbucket Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:40:06.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/x/Y4hXRg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-13522"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bitbucket",
            "vendor": "atlassian",
            "versions": [
              {
                "lessThan": "7.6.19",
                "status": "affected",
                "version": "7.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.17.12",
                "status": "affected",
                "version": "7.7.0",
                "versionType": "custom"
              },
              {
                "lessThan": "7.21.6",
                "status": "affected",
                "version": "7.18.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.5",
                "status": "affected",
                "version": "7.22.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.1.5",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.2.4",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.3.3",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.4.2",
                "status": "affected",
                "version": "8.4.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-43781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T14:27:57.305026Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T14:56:09.693Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "before 7.0"
            },
            {
              "status": "affected",
              "version": "before 7.17.12"
            },
            {
              "status": "affected",
              "version": "before 7.21.6"
            },
            {
              "status": "affected",
              "version": "before 7.6.19"
            },
            {
              "status": "affected",
              "version": "before 8.0.5"
            },
            {
              "status": "affected",
              "version": "before 8.1.5"
            },
            {
              "status": "affected",
              "version": "before 8.2.4"
            },
            {
              "status": "affected",
              "version": "before 8.3.3"
            },
            {
              "status": "affected",
              "version": "before 8.4.2"
            },
            {
              "status": "affected",
              "version": "before 8.5.0"
            }
          ]
        },
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "status": "unaffected",
              "version": "before 7.0"
            },
            {
              "status": "affected",
              "version": "before 7.17.12"
            },
            {
              "status": "affected",
              "version": "before 7.21.6"
            },
            {
              "status": "affected",
              "version": "before 7.6.19"
            },
            {
              "status": "affected",
              "version": "before 8.0.5"
            },
            {
              "status": "affected",
              "version": "before 8.1.5"
            },
            {
              "status": "affected",
              "version": "before 8.2.4"
            },
            {
              "status": "affected",
              "version": "before 8.3.3"
            },
            {
              "status": "affected",
              "version": "before 8.4.2"
            },
            {
              "status": "affected",
              "version": "before 8.5.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "https://github.com/Ry0taK"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled \u201cAllow public signup\u201d."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "RCE (Remote Code Execution)",
              "lang": "en",
              "type": "RCE (Remote Code Execution)"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-17T00:00:01.210Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://confluence.atlassian.com/x/Y4hXRg"
        },
        {
          "url": "https://jira.atlassian.com/browse/BSERV-13522"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-43781",
    "datePublished": "2022-11-17T00:00:01.210Z",
    "dateReserved": "2022-10-26T14:49:11.114Z",
    "dateUpdated": "2024-10-02T14:56:09.693Z",
    "requesterUserId": "4ceb4895-2afc-4c29-bf72-c2e04b367c52",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36804

Vulnerability from cvelistv5

Published

2022-08-25 05:40

Modified

2024-09-16 18:14

Severity ?

Summary

Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.

References

▼	URL	Tags
	https://jira.atlassian.com/browse/BSERV-13438
	http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html
	http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html

Impacted products

▼	Vendor	Product
	Atlassian	Bitbucket Server
	Atlassian	Bitbucket Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:14:28.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-13438"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-24T00:00:00",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://jira.atlassian.com/browse/BSERV-13438"
        },
        {
          "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-36804",
    "datePublished": "2022-08-25T05:40:08.899310Z",
    "dateReserved": "2022-07-26T00:00:00",
    "dateUpdated": "2024-09-16T18:14:18.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}