Vulnerabilities related to Atlassian - Bitbucket Data Center
cve-2019-15000
Vulnerability from cvelistv5
Published
2019-09-19 14:24
Modified
2024-09-17 01:41
Severity ?
Summary
The commit diff REST endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository to read the contents of arbitrary files on the system and execute commands by injecting additional arguments into git commands. If public access is enabled for a project or repository, attackers are able to exploit this issue anonymously.
Impacted products
Vendor Product Version
Atlassian Bitbucket Server Version: unspecified   < 5.16.10
Version: 6.0.0   < unspecified
Version: unspecified   < 6.0.10
Version: 6.1.0   < unspecified
Version: unspecified   < 6.1.8
Version: 6.2.0   < unspecified
Version: unspecified   < 6.2.6
Version: 6.3.0   < unspecified
Version: unspecified   < 6.3.5
Version: 6.4.0   < unspecified
Version: unspecified   < 6.4.3
Version: 6.5.0   < unspecified
Version: unspecified   < 6.5.2
   Atlassian Bitbucket Data Center Version: unspecified   < 5.16.10
Version: 6.0.0   < unspecified
Version: unspecified   < 6.0.10
Version: 6.1.0   < unspecified
Version: unspecified   < 6.1.8
Version: 6.2.0   < unspecified
Version: unspecified   < 6.2.6
Version: 6.3.0   < unspecified
Version: unspecified   < 6.3.5
Version: 6.4.0   < unspecified
Version: unspecified   < 6.4.3
Version: 6.5.0   < unspecified
Version: unspecified   < 6.5.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:34:52.974Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-11947",
               },
               {
                  name: "20190925 Bitbucket Server security advisory 2019-09-18",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Sep/43",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "5.16.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.0.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.0.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.1.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.2.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.3.5",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.4.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.5.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "5.16.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.0.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.0.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.1.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.2.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.3.5",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.4.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.5.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-09-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Argument Injection",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-09-25T19:06:12",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BSERV-11947",
            },
            {
               name: "20190925 Bitbucket Server security advisory 2019-09-18",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Sep/43",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@atlassian.com",
               DATE_PUBLIC: "2019-09-18T00:00:00",
               ID: "CVE-2019-15000",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Bitbucket Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "5.16.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.0.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.0.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.1.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.2.6",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.3.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.3.5",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.4.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.5.2",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bitbucket Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "5.16.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.0.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.0.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.1.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.2.6",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.3.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.3.5",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.4.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.5.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Atlassian",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Argument Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jira.atlassian.com/browse/BSERV-11947",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BSERV-11947",
                  },
                  {
                     name: "20190925 Bitbucket Server security advisory 2019-09-18",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Sep/43",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2019-15000",
      datePublished: "2019-09-19T14:24:38.322739Z",
      dateReserved: "2019-08-13T00:00:00",
      dateUpdated: "2024-09-17T01:41:56.351Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-21684
Vulnerability from cvelistv5
Published
2024-07-24 18:00
Modified
2024-11-05 19:19
Summary
There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user, upon login to Bitbucket Data Center, to an arbitrary site, which can be used for further exploitation. It has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the supported fixed versions.
Impacted products
Vendor Product Version
Atlassian Bitbucket Data Center Version: 8.19.1
Version: 8.9.0 to 8.9.12
Version: 8.8.0 to 8.8.7
Version: 8.7.0 to 8.7.5
Version: 8.6.0 to 8.6.4
Version: 8.5.0 to 8.5.4
Version: 8.4.0 to 8.4.4
Version: 8.3.0 to 8.3.4
Version: 8.2.2 to 8.2.4
Version: 8.1.3 to 8.1.5
Version: 8.0.3 to 8.0.5


{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-21684",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-24T18:45:18.293627Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-601",
                        description: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-11-05T19:19:43.760Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T22:27:36.150Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-19454",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     status: "affected",
                     version: "8.19.1",
                  },
                  {
                     status: "affected",
                     version: "8.9.0 to 8.9.12",
                  },
                  {
                     status: "affected",
                     version: "8.8.0 to 8.8.7",
                  },
                  {
                     status: "affected",
                     version: "8.7.0 to 8.7.5",
                  },
                  {
                     status: "affected",
                     version: "8.6.0 to 8.6.4",
                  },
                  {
                     status: "affected",
                     version: "8.5.0 to 8.5.4",
                  },
                  {
                     status: "affected",
                     version: "8.4.0 to 8.4.4",
                  },
                  {
                     status: "affected",
                     version: "8.3.0 to 8.3.4",
                  },
                  {
                     status: "affected",
                     version: "8.2.2 to 8.2.4",
                  },
                  {
                     status: "affected",
                     version: "8.1.3 to 8.1.5",
                  },
                  {
                     status: "affected",
                     version: "8.0.3 to 8.0.5",
                  },
                  {
                     status: "unaffected",
                     version: "8.19.2 to 8.19.6",
                  },
                  {
                     status: "unaffected",
                     version: "8.9.13 to 8.9.17",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Taha YILDIRIM",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2.\n\nThis open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction.\n\nAtlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the  supported fixed versions.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  baseScore: 3.1,
                  baseSeverity: "LOW",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Open Redirect",
                     lang: "en",
                     type: "Open Redirect",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-07-24T18:00:02.553Z",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               url: "https://jira.atlassian.com/browse/BSERV-19454",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2024-21684",
      datePublished: "2024-07-24T18:00:01.656Z",
      dateReserved: "2024-01-01T00:05:33.846Z",
      dateUpdated: "2024-11-05T19:19:43.760Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-26137
Vulnerability from cvelistv5
Published
2022-07-20 17:25
Modified
2024-10-03 17:10
Summary
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
Impacted products
Vendor Product Version
Atlassian Bamboo Server Version: unspecified   < 8.0.9
Version: 8.1.0   < unspecified
Version: unspecified   < 8.1.8
Version: 8.2.0   < unspecified
Version: unspecified   < 8.2.4
   Atlassian Bamboo Data Center Version: unspecified   < 8.0.9
Version: 8.1.0   < unspecified
Version: unspecified   < 8.1.8
Version: 8.2.0   < unspecified
Version: unspecified   < 8.2.4
   Atlassian Bitbucket Server Version: unspecified   < 7.6.16
Version: 7.7.0   < unspecified
Version: 7.16.0   < unspecified
Version: unspecified   < 7.17.8
Version: 7.18.0   < unspecified
Version: unspecified   < 7.19.5
Version: 7.20.0   < unspecified
Version: unspecified   < 7.20.2
Version: 7.21.0   < unspecified
Version: unspecified   < 7.21.2
Version: 8.0.0
Version: 8.1.0
   Atlassian Bitbucket Data Center Version: unspecified   < 7.6.16
Version: 7.7.0   < unspecified
Version: 7.16.0   < unspecified
Version: unspecified   < 7.17.8
Version: 7.18.0   < unspecified
Version: unspecified   < 7.19.5
Version: 7.20.0   < unspecified
Version: unspecified   < 7.20.2
Version: 7.21.0   < unspecified
Version: unspecified   < 7.21.2
Version: 8.0.0
Version: 8.1.0
   Atlassian Confluence Server Version: unspecified   < 7.4.17
Version: 7.5.0   < unspecified
Version: unspecified   < 7.13.7
Version: 7.14.0   < unspecified
Version: unspecified   < 7.14.3
Version: 7.15.0   < unspecified
Version: unspecified   < 7.15.2
Version: 7.16.0   < unspecified
Version: unspecified   < 7.16.4
Version: 7.17.0   < unspecified
Version: unspecified   < 7.17.4
Version: 7.18.0
   Atlassian Confluence Data Center Version: unspecified   < 7.4.17
Version: 7.5.0   < unspecified
Version: unspecified   < 7.13.7
Version: 7.14.0   < unspecified
Version: unspecified   < 7.14.3
Version: 7.15.0   < unspecified
Version: unspecified   < 7.15.2
Version: 7.16.0   < unspecified
Version: unspecified   < 7.16.4
Version: 7.17.0   < unspecified
Version: unspecified   < 7.17.4
Version: 7.18.0
   Atlassian Crowd Server Version: unspecified   < 4.3.8
Version: 4.4.0   < unspecified
Version: unspecified   < 4.4.2
Version: 5.0.0
   Atlassian Crowd Data Center Version: unspecified   < 4.3.8
Version: 4.4.0   < unspecified
Version: unspecified   < 4.4.2
Version: 5.0.0
   Atlassian Crucible Version: unspecified   < 4.8.10
   Atlassian Fisheye Version: unspecified   < 4.8.10
   Atlassian Jira Core Server Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
   Atlassian Jira Software Server Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
   Atlassian Jira Software Data Center Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
   Atlassian Jira Service Management Server Version: unspecified   < 4.13.22
Version: 4.14.0   < unspecified
Version: unspecified   < 4.20.10
Version: 4.21.0   < unspecified
Version: unspecified   < 4.22.4
   Atlassian Jira Service Management Data Center Version: unspecified   < 4.13.22
Version: 4.14.0   < unspecified
Version: unspecified   < 4.20.10
Version: 4.21.0   < unspecified
Version: unspecified   < 4.22.4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T04:56:37.614Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BAM-21795",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-13370",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/CONFSERVER-79476",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/CWD-5815",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/FE-7410",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/CRUC-8541",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/JRASERVER-73897",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/JSDSERVER-11863",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "bamboo",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "7.2.10",
                        status: "affected",
                        version: "7.2.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.0.9",
                        status: "affected",
                        version: "8.0.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.1.8",
                        status: "affected",
                        version: "8.1.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.2.4",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "bitbucket",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "7.6.16",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.17.8",
                        status: "affected",
                        version: "7.7.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.19.5",
                        status: "affected",
                        version: "7.18.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.20.2",
                        status: "affected",
                        version: "7.20.1",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.21.2",
                        status: "affected",
                        version: "7.21.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "bitbucket",
                  vendor: "atlassian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "bitbucket",
                  vendor: "atlassian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.1.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "confluence_data_center",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "7.4.17",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.13.7",
                        status: "affected",
                        version: "7.5.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.14.3",
                        status: "affected",
                        version: "7.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.15.2",
                        status: "affected",
                        version: "7.15.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.16.4",
                        status: "affected",
                        version: "7.16.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.17.4",
                        status: "affected",
                        version: "7.17.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "confluence_data_center",
                  vendor: "atlassian",
                  versions: [
                     {
                        status: "affected",
                        version: "7.18.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "confluence_server",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "7.4.17",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.13.7",
                        status: "affected",
                        version: "7.5.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.14.3",
                        status: "affected",
                        version: "7.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.15.2",
                        status: "affected",
                        version: "7.15.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.16.4",
                        status: "affected",
                        version: "7.16.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.17.4",
                        status: "affected",
                        version: "7.17.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "confluence_server",
                  vendor: "atlassian",
                  versions: [
                     {
                        status: "affected",
                        version: "7.18.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "crowd",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.3.8",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "4.4.2",
                        status: "affected",
                        version: "4.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "crowd",
                  vendor: "atlassian",
                  versions: [
                     {
                        status: "affected",
                        version: "5.0.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "crucible",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.8.10",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fisheye",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.8.10",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_data_center",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "8.13.22",
                        status: "affected",
                        version: "8.13.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.20.10",
                        status: "affected",
                        version: "8.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.22.4",
                        status: "affected",
                        version: "8.21.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_server",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "8.13.22",
                        status: "affected",
                        version: "8.13.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.20.10",
                        status: "affected",
                        version: "8.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.22.4",
                        status: "affected",
                        version: "8.21.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_service_desk",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.13.22",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_service_desk",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.13.22",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_service_management",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.20.10",
                        status: "affected",
                        version: "4.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "4.22.4",
                        status: "affected",
                        version: "4.21.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_service_management",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.20.10",
                        status: "affected",
                        version: "4.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "4.22.4",
                        status: "affected",
                        version: "4.21.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-26137",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T16:48:52.174175Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T17:10:16.886Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bamboo Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "8.0.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.1.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.2.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Bamboo Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "8.0.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.1.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.2.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Bitbucket Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "7.6.16",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.16.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.18.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.19.5",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.20.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.20.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.21.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "8.0.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.0",
                  },
               ],
            },
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "7.6.16",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.16.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.18.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.19.5",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.20.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.20.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.21.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "8.0.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.0",
                  },
               ],
            },
            {
               product: "Confluence Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "7.4.17",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.13.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.14.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.15.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.15.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.16.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.16.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.17.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "7.18.0",
                  },
               ],
            },
            {
               product: "Confluence Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "7.4.17",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.13.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.14.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.15.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.15.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.16.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.16.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.17.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "7.18.0",
                  },
               ],
            },
            {
               product: "Crowd Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.3.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.4.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "5.0.0",
                  },
               ],
            },
            {
               product: "Crowd Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.3.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.4.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "5.0.0",
                  },
               ],
            },
            {
               product: "Crucible",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.8.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Fisheye",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.8.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Jira Core Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "8.13.22",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.20.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.22.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Jira Software Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "8.13.22",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.20.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.22.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Jira Software Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "8.13.22",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.20.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.22.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Jira Service Management Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.13.22",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.20.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.22.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Jira Service Management Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.13.22",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.20.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.22.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2022-07-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-180",
                     description: "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-20T17:25:23",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BAM-21795",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BSERV-13370",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/CONFSERVER-79476",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/CWD-5815",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/FE-7410",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/CRUC-8541",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/JRASERVER-73897",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/JSDSERVER-11863",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@atlassian.com",
               DATE_PUBLIC: "2022-07-20T00:00:00",
               ID: "CVE-2022-26137",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Bamboo Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.0.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.1.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.2.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bamboo Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.0.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.1.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.2.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bitbucket Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "7.6.16",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.7.0",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.16.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.17.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.18.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.19.5",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.20.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.20.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.21.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "8.0.0",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "8.1.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bitbucket Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "7.6.16",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.7.0",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.16.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.17.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.18.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.19.5",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.20.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.20.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.21.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "8.0.0",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "8.1.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Confluence Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "7.4.17",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.13.7",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.14.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.15.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.15.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.16.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.16.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.17.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.17.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "7.18.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Confluence Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "7.4.17",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.13.7",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.14.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.15.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.15.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.16.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.16.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.17.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.17.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "7.18.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Crowd Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.3.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.4.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "5.0.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Crowd Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.3.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.4.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "5.0.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Crucible",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.8.10",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Fisheye",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.8.10",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Jira Core Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.13.22",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.20.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.22.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Jira Software Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.13.22",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.20.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.22.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Jira Software Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.13.22",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.20.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.22.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Jira Service Management Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.13.22",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.20.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.22.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Jira Service Management Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.13.22",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.20.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.22.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Atlassian",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jira.atlassian.com/browse/BAM-21795",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BAM-21795",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/BSERV-13370",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BSERV-13370",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/CONFSERVER-79476",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/CWD-5815",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/CWD-5815",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/FE-7410",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/FE-7410",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/CRUC-8541",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/CRUC-8541",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/JRASERVER-73897",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/JRASERVER-73897",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/JSDSERVER-11863",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2022-26137",
      datePublished: "2022-07-20T17:25:23.603830Z",
      dateReserved: "2022-02-25T00:00:00",
      dateUpdated: "2024-10-03T17:10:16.886Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-3397
Vulnerability from cvelistv5
Published
2019-06-03 13:44
Modified
2024-09-16 17:47
Severity ?
Summary
Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.
References
Impacted products
Vendor Product Version
Atlassian Bitbucket Data Center Version: 5.13.0   < unspecified
Version: unspecified   < 5.13.6
Version: 5.14.0   < unspecified
Version: unspecified   < 5.14.4
Version: 5.15.0   < unspecified
Version: unspecified   < 5.15.3
Version: 6.0.0   < unspecified
Version: unspecified   < 6.0.3
Version: 6.1.0   < unspecified
Version: unspecified   < 6.1.2


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T19:12:09.402Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-11706",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "5.13.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "5.13.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "5.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "5.14.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "5.15.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "5.15.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.0.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.0.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.1.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2019-05-22T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Path Traversal",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-06-03T13:44:05",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BSERV-11706",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@atlassian.com",
               DATE_PUBLIC: "2019-05-22T10:00:00",
               ID: "CVE-2019-3397",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Bitbucket Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">=",
                                          version_value: "5.13.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "5.13.6",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "5.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "5.14.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "5.15.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "5.15.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.0.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.0.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.1.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Atlassian",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Path Traversal",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jira.atlassian.com/browse/BSERV-11706",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BSERV-11706",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2019-3397",
      datePublished: "2019-06-03T13:44:05.862975Z",
      dateReserved: "2018-12-19T00:00:00",
      dateUpdated: "2024-09-16T17:47:59.258Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-22513
Vulnerability from cvelistv5
Published
2023-09-19 17:00
Modified
2025-03-06 15:44
Summary
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code, which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: upgrade to a release greater than or equal to 8.9.5; Bitbucket Data Center and Server 8.10: upgrade to a release greater than or equal to 8.10.5; Bitbucket Data Center and Server 8.11: upgrade to a release greater than or equal to 8.11.4; Bitbucket Data Center and Server 8.12: upgrade to a release greater than or equal to 8.12.2; Bitbucket Data Center and Server 8.13: upgrade to a release greater than or equal to 8.13.1; Bitbucket Data Center and Server 8.14: upgrade to a release greater than or equal to 8.14.0; Bitbucket Data Center and Server version >= 8.0 and < 8.9: upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program.
Impacted products
Vendor Product Version
Atlassian Bitbucket Data Center Version: >= 8.0.0
Version: >= 8.1.0
Version: >= 8.10.0
Version: >= 8.11.0
Version: >= 8.12.0
Version: >= 8.13.0
Version: >= 8.2.0
Version: >= 8.3.0
Version: >= 8.4.0
Version: >= 8.5.0
Version: >= 8.6.0
Version: >= 8.7.0
Version: >= 8.8.0
Version: >= 8.9.0
   Atlassian Bitbucket Server Version: >= 8.0.0
Version: >= 8.1.0
Version: >= 8.10.0
Version: >= 8.11.0
Version: >= 8.12.0
Version: >= 8.13.0
Version: >= 8.2.0
Version: >= 8.3.0
Version: >= 8.4.0
Version: >= 8.5.0
Version: >= 8.6.0
Version: >= 8.7.0
Version: >= 8.8.0
Version: >= 8.9.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T10:13:48.688Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-14419",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-22513",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-06T15:27:08.376997Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-94",
                        description: "CWE-94 Improper Control of Generation of Code ('Code Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-06T15:44:37.364Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     status: "unaffected",
                     version: "< 8.0.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.0.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.1.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.10.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.11.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.12.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.13.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.2.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.3.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.4.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.5.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.6.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.7.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.8.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.9.0",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.10.5",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.11.4",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.12.2",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.13.1",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.14.0",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.9.5",
                  },
               ],
            },
            {
               product: "Bitbucket Server",
               vendor: "Atlassian",
               versions: [
                  {
                     status: "unaffected",
                     version: "< 8.0.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.0.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.1.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.10.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.11.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.12.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.13.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.2.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.3.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.4.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.5.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.6.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.7.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.8.0",
                  },
                  {
                     status: "affected",
                     version: ">= 8.9.0",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.10.5",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.11.4",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.12.2",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.13.1",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.14.0",
                  },
                  {
                     status: "unaffected",
                     version: ">= 8.9.5",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "a private user",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  baseScore: 8.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "RCE (Remote Code Execution)",
                     lang: "en",
                     type: "RCE (Remote Code Execution)",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-09-19T18:30:00.597Z",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               url: "https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616",
            },
            {
               url: "https://jira.atlassian.com/browse/BSERV-14419",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2023-22513",
      datePublished: "2023-09-19T17:00:00.980Z",
      dateReserved: "2023-01-01T00:01:22.330Z",
      dateUpdated: "2025-03-06T15:44:37.364Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-15012
Vulnerability from cvelistv5
Published
2020-01-15 20:46
Modified
2024-09-17 04:24
Severity ?
Summary
Bitbucket Server and Bitbucket Data Center from version 4.13 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file on the victim's Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victim's Bitbucket Server or Bitbucket Data Center instance.
References
Impacted products
Vendor Product Version
Atlassian Bitbucket Server Version: 4.13   < unspecified
Version: unspecified   < 5.16.11
Version: 6.0   < unspecified
Version: unspecified   < 6.0.11
Version: 6.1.0   < unspecified
Version: unspecified   < 6.1.9
Version: 6.2.0   < unspecified
Version: unspecified   < 6.2.7
Version: 6.3.0   < unspecified
Version: unspecified   < 6.3.6
Version: 6.4.0   < unspecified
Version: unspecified   < 6.4.4
Version: 6.5.0   < unspecified
Version: unspecified   < 6.5.3
Version: 6.6.0   < unspecified
Version: unspecified   < 6.6.3
Version: 6.7.0   < unspecified
Version: unspecified   < 6.7.3
Version: 6.8.0   < unspecified
Version: unspecified   < 6.8.2
Version: 6.9.0   < unspecified
Version: unspecified   < 6.9.1
   Atlassian Bitbucket Data Center Version: 4.13   < unspecified
Version: unspecified   < 5.16.11
Version: 6.0   < unspecified
Version: unspecified   < 6.0.11
Version: 6.1.0   < unspecified
Version: unspecified   < 6.1.9
Version: 6.2.0   < unspecified
Version: unspecified   < 6.2.7
Version: 6.3.0   < unspecified
Version: unspecified   < 6.3.6
Version: 6.4.0   < unspecified
Version: unspecified   < 6.4.4
Version: 6.5.0   < unspecified
Version: unspecified   < 6.5.3
Version: 6.6.0   < unspecified
Version: unspecified   < 6.6.3
Version: 6.7.0   < unspecified
Version: unspecified   < 6.7.3
Version: 6.8.0   < unspecified
Version: unspecified   < 6.8.2
Version: 6.9.0   < unspecified
Version: unspecified   < 6.9.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:34:53.124Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-12100",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.13",
                     versionType: "custom",
                  },
                  {
                     lessThan: "5.16.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.0.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.1.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.2.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.3.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.4.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.5.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.6.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.7.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.8.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.9.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.9.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.13",
                     versionType: "custom",
                  },
                  {
                     lessThan: "5.16.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.0.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.1.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.2.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.3.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.4.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.5.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.6.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.7.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.8.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.9.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.9.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2020-01-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Path traversal",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-15T20:46:56",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BSERV-12100",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@atlassian.com",
               DATE_PUBLIC: "2020-01-15T10:00:00",
               ID: "CVE-2019-15012",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Bitbucket Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">=",
                                          version_value: "4.13",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "5.16.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.0.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.1.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.2.7",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.3.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.3.6",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.4.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.5.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.6.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.7.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.7.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.8.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.8.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.9.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.9.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bitbucket Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">=",
                                          version_value: "4.13",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "5.16.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.0.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.1.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.2.7",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.3.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.3.6",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.4.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.5.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.6.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.7.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.7.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.8.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.8.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.9.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.9.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Atlassian",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Path traversal",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jira.atlassian.com/browse/BSERV-12100",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BSERV-12100",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2019-15012",
      datePublished: "2020-01-15T20:46:56.181070Z",
      dateReserved: "2019-08-13T00:00:00",
      dateUpdated: "2024-09-17T04:24:12.976Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-20097
Vulnerability from cvelistv5
Published
2020-01-15 20:46
Modified
2024-09-16 18:48
Severity ?
Summary
Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content.
References
Impacted products
Vendor Product Version
Atlassian Bitbucket Server Version: 1.0   < unspecified
Version: unspecified   < 5.16.11
Version: 6.0   < unspecified
Version: unspecified   < 6.0.11
Version: 6.1.0   < unspecified
Version: unspecified   < 6.1.9
Version: 6.2.0   < unspecified
Version: unspecified   < 6.2.7
Version: 6.3.0   < unspecified
Version: unspecified   < 6.3.6
Version: 6.4.0   < unspecified
Version: unspecified   < 6.4.4
Version: 6.5.0   < unspecified
Version: unspecified   < 6.5.3
Version: 6.6.0   < unspecified
Version: unspecified   < 6.6.3
Version: 6.7.0   < unspecified
Version: unspecified   < 6.7.3
Version: 6.8.0   < unspecified
Version: unspecified   < 6.8.2
Version: 6.9.0   < unspecified
Version: unspecified   < 6.9.1
   Atlassian Bitbucket Data Center Version: 1.0   < unspecified
Version: unspecified   < 5.16.11
Version: 6.0   < unspecified
Version: unspecified   < 6.0.11
Version: 6.1.0   < unspecified
Version: unspecified   < 6.1.9
Version: 6.2.0   < unspecified
Version: unspecified   < 6.2.7
Version: 6.3.0   < unspecified
Version: unspecified   < 6.3.6
Version: 6.4.0   < unspecified
Version: unspecified   < 6.4.4
Version: 6.5.0   < unspecified
Version: unspecified   < 6.5.3
Version: 6.6.0   < unspecified
Version: unspecified   < 6.6.3
Version: 6.7.0   < unspecified
Version: unspecified   < 6.7.3
Version: 6.8.0   < unspecified
Version: unspecified   < 6.8.2
Version: 6.9.0   < unspecified
Version: unspecified   < 6.9.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:32:10.612Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-12099",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "5.16.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.0.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.1.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.2.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.3.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.4.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.5.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.6.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.7.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.8.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.9.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.9.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "5.16.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.0.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.1.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.2.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.3.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.4.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.5.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.6.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.7.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.8.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.9.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.9.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2020-01-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Argument Injection",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-15T20:46:56",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BSERV-12099",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@atlassian.com",
               DATE_PUBLIC: "2020-01-15T10:00:00",
               ID: "CVE-2019-20097",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Bitbucket Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">=",
                                          version_value: "1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "5.16.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.0.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.1.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.2.7",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.3.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.3.6",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.4.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.5.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.6.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.7.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.7.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.8.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.8.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.9.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.9.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bitbucket Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">=",
                                          version_value: "1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "5.16.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.0.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.1.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.2.7",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.3.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.3.6",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.4.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.5.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.6.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.7.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.7.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.8.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.8.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.9.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.9.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Atlassian",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Argument Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jira.atlassian.com/browse/BSERV-12099",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BSERV-12099",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2019-20097",
      datePublished: "2020-01-15T20:46:56.225730Z",
      dateReserved: "2019-12-30T00:00:00",
      dateUpdated: "2024-09-16T18:48:48.325Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-15010
Vulnerability from cvelistv5
Published
2020-01-15 20:46
Modified
2024-09-16 22:56
Severity ?
Summary
Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance.
References
Impacted products
Vendor Product Version
Atlassian Bitbucket Server Version: 3.0   < unspecified
Version: unspecified   < 5.16.11
Version: 6.0   < unspecified
Version: unspecified   < 6.0.11
Version: 6.1.0   < unspecified
Version: unspecified   < 6.1.9
Version: 6.2.0   < unspecified
Version: unspecified   < 6.2.7
Version: 6.3.0   < unspecified
Version: unspecified   < 6.3.6
Version: 6.4.0   < unspecified
Version: unspecified   < 6.4.4
Version: 6.5.0   < unspecified
Version: unspecified   < 6.5.3
Version: 6.6.0   < unspecified
Version: unspecified   < 6.6.3
Version: 6.7.0   < unspecified
Version: unspecified   < 6.7.3
Version: 6.8.0   < unspecified
Version: unspecified   < 6.8.2
Version: 6.9.0   < unspecified
Version: unspecified   < 6.9.1
   Atlassian Bitbucket Data Center Version: 3.0   < unspecified
Version: unspecified   < 5.16.11
Version: 6.0   < unspecified
Version: unspecified   < 6.0.11
Version: 6.1.0   < unspecified
Version: unspecified   < 6.1.9
Version: 6.2.0   < unspecified
Version: unspecified   < 6.2.7
Version: 6.3.0   < unspecified
Version: unspecified   < 6.3.6
Version: 6.4.0   < unspecified
Version: unspecified   < 6.4.4
Version: 6.5.0   < unspecified
Version: unspecified   < 6.5.3
Version: 6.6.0   < unspecified
Version: unspecified   < 6.6.3
Version: 6.7.0   < unspecified
Version: unspecified   < 6.7.3
Version: 6.8.0   < unspecified
Version: unspecified   < 6.8.2
Version: 6.9.0   < unspecified
Version: unspecified   < 6.9.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:34:53.027Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-12098",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "5.16.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.0.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.1.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.2.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.3.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.4.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.5.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.6.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.7.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.8.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.9.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.9.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "5.16.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.0.11",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.1.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.2.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.3.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.4.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.5.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.6.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.6.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.7.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.8.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.8.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "6.9.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "6.9.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2020-01-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Expression Language Injection",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-15T20:46:56",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BSERV-12098",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@atlassian.com",
               DATE_PUBLIC: "2020-01-15T10:00:00",
               ID: "CVE-2019-15010",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Bitbucket Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">=",
                                          version_value: "3.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "5.16.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.0.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.1.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.2.7",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.3.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.3.6",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.4.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.5.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.6.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.7.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.7.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.8.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.8.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.9.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.9.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bitbucket Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">=",
                                          version_value: "3.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "5.16.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.0.11",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.1.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.2.7",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.3.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.3.6",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.4.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.5.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.6.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.6.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.7.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.7.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.8.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.8.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "6.9.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "6.9.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Atlassian",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Expression Language Injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jira.atlassian.com/browse/BSERV-12098",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BSERV-12098",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2019-15010",
      datePublished: "2020-01-15T20:46:56.108707Z",
      dateReserved: "2019-08-13T00:00:00",
      dateUpdated: "2024-09-16T22:56:09.402Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-36233
Vulnerability from cvelistv5
Published
2021-02-18 15:16
Modified
2024-09-16 19:30
Severity ?
Summary
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
References
https://jira.atlassian.com/browse/BSERV-12753 (x_refsource_MISC)
https://www.kb.cert.org/vuls/id/240785 (third-party-advisory, x_refsource_CERT-VN)
Impacted products
Vendor Product Version
Atlassian Bitbucket Server Version: unspecified   < 6.10.9
Version: 7.0.0   < unspecified
Version: unspecified   < 7.6.4
Version: 7.7.0   < unspecified
Version: unspecified   < 7.10.1
   Atlassian Bitbucket Data Center Version: unspecified   < 6.10.9
Version: 7.0.0   < unspecified
Version: unspecified   < 7.6.4
Version: 7.7.0   < unspecified
Version: unspecified   < 7.10.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T17:23:09.677Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-12753",
               },
               {
                  name: "VU#240785",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "https://www.kb.cert.org/vuls/id/240785",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "6.10.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.6.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.10.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "6.10.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.6.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.10.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2021-02-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Incorrect Permission Assignment for Critical Resource",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-02-18T19:06:08",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BSERV-12753",
            },
            {
               name: "VU#240785",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "https://www.kb.cert.org/vuls/id/240785",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@atlassian.com",
               DATE_PUBLIC: "2021-02-16T00:00:00",
               ID: "CVE-2020-36233",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Bitbucket Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "6.10.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.0.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.6.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.7.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.10.1",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bitbucket Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "6.10.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.0.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.6.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.7.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.10.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Atlassian",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Incorrect Permission Assignment for Critical Resource",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jira.atlassian.com/browse/BSERV-12753",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BSERV-12753",
                  },
                  {
                     name: "VU#240785",
                     refsource: "CERT-VN",
                     url: "https://www.kb.cert.org/vuls/id/240785",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2020-36233",
      datePublished: "2021-02-18T15:16:22.101146Z",
      dateReserved: "2021-01-27T00:00:00",
      dateUpdated: "2024-09-16T19:30:12.974Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-26136
Vulnerability from cvelistv5
Published
2022-07-20 17:25
Modified
2024-10-03 16:43
Severity ?
Summary
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4. [Note: for Confluence, the impacted-products table and the version records on this page list 7.18.0, not 7.21.0, as the single affected version; confirm against the vendor advisory before relying on either value.]
Impacted products
Vendor Product Version
Atlassian Bamboo Server Version: unspecified   < 8.0.9
Version: 8.1.0   < unspecified
Version: unspecified   < 8.1.8
Version: 8.2.0   < unspecified
Version: unspecified   < 8.2.4
   Atlassian Bamboo Data Center Version: unspecified   < 8.0.9
Version: 8.1.0   < unspecified
Version: unspecified   < 8.1.8
Version: 8.2.0   < unspecified
Version: unspecified   < 8.2.4
   Atlassian Bitbucket Server Version: unspecified   < 7.6.16
Version: 7.7.0   < unspecified
Version: 7.16.0   < unspecified
Version: unspecified   < 7.17.8
Version: 7.18.0   < unspecified
Version: unspecified   < 7.19.5
Version: 7.20.0   < unspecified
Version: unspecified   < 7.20.2
Version: 7.21.0   < unspecified
Version: unspecified   < 7.21.2
Version: 8.0.0
Version: 8.1.0
   Atlassian Bitbucket Data Center Version: unspecified   < 7.6.16
Version: 7.7.0   < unspecified
Version: 7.16.0   < unspecified
Version: unspecified   < 7.17.8
Version: 7.18.0   < unspecified
Version: unspecified   < 7.19.5
Version: 7.20.0   < unspecified
Version: unspecified   < 7.20.2
Version: 7.21.0   < unspecified
Version: unspecified   < 7.21.2
Version: 8.0.0
Version: 8.1.0
   Atlassian Confluence Server Version: unspecified   < 7.4.17
Version: 7.5.0   < unspecified
Version: unspecified   < 7.13.7
Version: 7.14.0   < unspecified
Version: unspecified   < 7.14.3
Version: 7.15.0   < unspecified
Version: unspecified   < 7.15.2
Version: 7.16.0   < unspecified
Version: unspecified   < 7.16.4
Version: 7.17.0   < unspecified
Version: unspecified   < 7.17.4
Version: 7.18.0
   Atlassian Confluence Data Center Version: unspecified   < 7.4.17
Version: 7.5.0   < unspecified
Version: unspecified   < 7.13.7
Version: 7.14.0   < unspecified
Version: unspecified   < 7.14.3
Version: 7.15.0   < unspecified
Version: unspecified   < 7.15.2
Version: 7.16.0   < unspecified
Version: unspecified   < 7.16.4
Version: 7.17.0   < unspecified
Version: unspecified   < 7.17.4
Version: 7.18.0
   Atlassian Crowd Server Version: unspecified   < 4.3.8
Version: 4.4.0   < unspecified
Version: unspecified   < 4.4.2
Version: 5.0.0
   Atlassian Crowd Data Center Version: unspecified   < 4.3.8
Version: 4.4.0   < unspecified
Version: unspecified   < 4.4.2
Version: 5.0.0
   Atlassian Crucible Version: unspecified   < 4.8.10
   Atlassian Fisheye Version: unspecified   < 4.8.10
   Atlassian Jira Core Server Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
   Atlassian Jira Software Server Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
   Atlassian Jira Software Data Center Version: unspecified   < 8.13.22
Version: 8.14.0   < unspecified
Version: unspecified   < 8.20.10
Version: 8.21.0   < unspecified
Version: unspecified   < 8.22.4
   Atlassian Jira Service Management Server Version: unspecified   < 4.13.22
Version: 4.14.0   < unspecified
Version: unspecified   < 4.20.10
Version: 4.21.0   < unspecified
Version: unspecified   < 4.22.4
   Atlassian Jira Service Management Data Center Version: unspecified   < 4.13.22
Version: 4.14.0   < unspecified
Version: unspecified   < 4.20.10
Version: 4.21.0   < unspecified
Version: unspecified   < 4.22.4


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T04:56:37.592Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BAM-21795",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-13370",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/CONFSERVER-79476",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/CWD-5815",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/FE-7410",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/CRUC-8541",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/JRASERVER-73897",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/JSDSERVER-11863",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "bamboo",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "7.2.10",
                        status: "affected",
                        version: "7.2.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.0.9",
                        status: "affected",
                        version: "8.0.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.1.8",
                        status: "affected",
                        version: "8.1.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.2.4",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "bitbucket",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "7.6.16",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.17.8",
                        status: "affected",
                        version: "7.7.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.19.5",
                        status: "affected",
                        version: "7.18.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.20.2",
                        status: "affected",
                        version: "7.20.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.21.2",
                        status: "affected",
                        version: "7.21.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
                     "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "bitbucket",
                  vendor: "atlassian",
                  versions: [
                     {
                        status: "affected",
                        version: "8.0.0",
                     },
                     {
                        status: "affected",
                        version: "8.1.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "confluence_data_center",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "7.4.17",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.13.7",
                        status: "affected",
                        version: "7.5.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.14.3",
                        status: "affected",
                        version: "7.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.15.2",
                        status: "affected",
                        version: "7.15.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.16.4",
                        status: "affected",
                        version: "7.16.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.17.4",
                        status: "affected",
                        version: "7.17.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "confluence_data_center",
                  vendor: "atlassian",
                  versions: [
                     {
                        status: "affected",
                        version: "7.18.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "confluence_server",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "7.4.17",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.13.7",
                        status: "affected",
                        version: "7.5.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.14.3",
                        status: "affected",
                        version: "7.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.15.2",
                        status: "affected",
                        version: "7.15.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.16.4",
                        status: "affected",
                        version: "7.16.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.17.4",
                        status: "affected",
                        version: "7.17.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "confluence_server",
                  vendor: "atlassian",
                  versions: [
                     {
                        status: "affected",
                        version: "7.18.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "crowd",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.3.8",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "4.4.2",
                        status: "affected",
                        version: "4.4.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "crowd",
                  vendor: "atlassian",
                  versions: [
                     {
                        status: "affected",
                        version: "5.0.0",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "crucible",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.8.10",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "fisheye",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.8.10",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_data_center",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "8.13.22",
                        status: "affected",
                        version: "8.13.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.20.10",
                        status: "affected",
                        version: "8.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.22.4",
                        status: "affected",
                        version: "8.21.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_server",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "8.13.22",
                        status: "affected",
                        version: "8.13.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.20.10",
                        status: "affected",
                        version: "8.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.22.4",
                        status: "affected",
                        version: "8.21.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_service_desk",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.13.22",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_service_desk",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.13.22",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_service_management",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.20.10",
                        status: "affected",
                        version: "4.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "4.22.4",
                        status: "affected",
                        version: "4.21.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "jira_service_management",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "4.20.10",
                        status: "affected",
                        version: "4.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "4.22.4",
                        status: "affected",
                        version: "4.21.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-26136",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T15:26:49.090400Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T16:43:16.268Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bamboo Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "8.0.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.1.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.2.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Bamboo Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "8.0.9",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.1.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.2.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Bitbucket Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "7.6.16",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.16.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.18.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.19.5",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.20.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.20.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.21.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "8.0.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.0",
                  },
               ],
            },
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "7.6.16",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.16.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.18.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.19.5",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.20.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.20.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.21.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "8.0.0",
                  },
                  {
                     status: "affected",
                     version: "8.1.0",
                  },
               ],
            },
            {
               product: "Confluence Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "7.4.17",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.13.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.14.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.15.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.15.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.16.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.16.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.17.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "7.18.0",
                  },
               ],
            },
            {
               product: "Confluence Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "7.4.17",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.5.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.13.7",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.14.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.15.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.15.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.16.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.16.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.17.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "7.18.0",
                  },
               ],
            },
            {
               product: "Crowd Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.3.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.4.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "5.0.0",
                  },
               ],
            },
            {
               product: "Crowd Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.3.8",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.4.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.4.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "5.0.0",
                  },
               ],
            },
            {
               product: "Crucible",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.8.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Fisheye",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.8.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Jira Core Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "8.13.22",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.20.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.22.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Jira Software Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "8.13.22",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.20.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.22.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Jira Software Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "8.13.22",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.20.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.22.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Jira Service Management Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.13.22",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.20.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.22.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Jira Service Management Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "4.13.22",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.20.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "4.21.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "4.22.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2022-07-20T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first- and third-party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-180",
                     description: "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-20T17:25:18",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BAM-21795",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BSERV-13370",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/CONFSERVER-79476",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/CWD-5815",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/FE-7410",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/CRUC-8541",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/JRASERVER-73897",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/JSDSERVER-11863",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@atlassian.com",
               DATE_PUBLIC: "2022-07-20T00:00:00",
               ID: "CVE-2022-26136",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Bamboo Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.0.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.1.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.2.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bamboo Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.0.9",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.1.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.1.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.2.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.2.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bitbucket Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "7.6.16",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.7.0",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.16.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.17.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.18.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.19.5",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.20.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.20.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.21.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "8.0.0",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "8.1.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Bitbucket Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "7.6.16",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.7.0",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.16.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.17.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.18.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.19.5",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.20.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.20.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.21.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "8.0.0",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "8.1.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Confluence Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "7.4.17",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.13.7",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.14.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.15.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.15.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.16.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.16.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.17.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.17.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "7.18.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Confluence Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "7.4.17",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.5.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.13.7",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.14.3",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.15.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.15.2",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.16.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.16.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.17.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.17.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "7.18.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Crowd Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.3.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.4.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "5.0.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Crowd Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.3.8",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.4.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.4.2",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "5.0.0",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Crucible",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.8.10",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Fisheye",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.8.10",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Jira Core Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.13.22",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.20.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.22.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Jira Software Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.13.22",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.20.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.22.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Jira Software Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "8.13.22",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.20.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "8.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "8.22.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Jira Service Management Server",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.13.22",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.20.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.22.4",
                                       },
                                    ],
                                 },
                              },
                              {
                                 product_name: "Jira Service Management Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "4.13.22",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.20.10",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "4.21.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "4.22.4",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Atlassian",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jira.atlassian.com/browse/BAM-21795",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BAM-21795",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/BSERV-13370",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BSERV-13370",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/CONFSERVER-79476",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/CWD-5815",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/CWD-5815",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/FE-7410",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/FE-7410",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/CRUC-8541",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/CRUC-8541",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/JRASERVER-73897",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/JRASERVER-73897",
                  },
                  {
                     name: "https://jira.atlassian.com/browse/JSDSERVER-11863",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2022-26136",
      datePublished: "2022-07-20T17:25:18.803466Z",
      dateReserved: "2022-02-25T00:00:00",
      dateUpdated: "2024-10-03T16:43:16.268Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-36804
Vulnerability from cvelistv5
Published
2022-08-25 05:40
Modified
2025-01-29 16:20
Summary
Multiple API endpoints in Atlassian Bitbucket Server and Data Center from version 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before version 8.3.1 allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via Atlassian's Bug Bounty Program by TheGrandPew. The record below carries a CVSS 3.1 base score of 8.8 (HIGH), an SSVC exploitation status of "active", and a CISA Known Exploited Vulnerabilities entry dated 2022-09-30, so instances in the affected ranges should be treated as an upgrade priority.
Impacted products
Vendor Product Version
Atlassian Bitbucket Server Version: 7.0.0   < unspecified
Version: unspecified   < 7.6.17
Version: 7.7.0   < unspecified
Version: unspecified   < 7.17.10
Version: 7.18.0   < unspecified
Version: unspecified   < 7.21.4
Version: 8.0.0   < unspecified
Version: unspecified   < 8.0.3
Version: 8.1.0   < unspecified
Version: unspecified   < 8.1.3
Version: 8.2.0   < unspecified
Version: unspecified   < 8.2.2
Version: 8.3.0   < unspecified
Version: unspecified   < 8.3.1
   Atlassian Bitbucket Data Center Version: 7.0.0   < unspecified
Version: unspecified   < 7.6.17
Version: 7.7.0   < unspecified
Version: unspecified   < 7.17.10
Version: 7.18.0   < unspecified
Version: unspecified   < 7.21.4
Version: 8.0.0   < unspecified
Version: unspecified   < 8.0.3
Version: 8.1.0   < unspecified
Version: unspecified   < 8.1.3
Version: 8.2.0   < unspecified
Version: unspecified   < 8.2.2
Version: 8.3.0   < unspecified
Version: unspecified   < 8.3.1


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:14:28.471Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-13438",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.8,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "LOW",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-36804",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-29T16:19:10.861167Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2022-09-30",
                        reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-36804",
                     },
                     type: "kev",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-78",
                        description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
               {
                  descriptions: [
                     {
                        cweId: "CWE-88",
                        description: "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-29T16:20:14.323Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Server",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.6.17",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.18.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.21.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.0.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.0.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.1.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.2.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.3.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.0.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.6.17",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.10",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.18.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.21.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.0.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.0.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.1.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.1.3",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.2.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.2.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "8.3.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "8.3.1",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         datePublic: "2022-08-24T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Remote Code Execution",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-03-24T00:00:00.000Z",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               url: "https://jira.atlassian.com/browse/BSERV-13438",
            },
            {
               url: "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html",
            },
            {
               url: "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2022-36804",
      datePublished: "2022-08-25T05:40:08.899Z",
      dateReserved: "2022-07-26T00:00:00.000Z",
      dateUpdated: "2025-01-29T16:20:14.323Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-26133
Vulnerability from cvelistv5
Published
2022-04-20 18:30
Modified
2024-10-03 14:55
Severity ?
Summary
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later before 7.17.6, 7.18.0 and later before 7.18.4, 7.19.0 and later before 7.19.4, and 7.20.0 allows a remote, unauthenticated attacker to execute arbitrary code via Java deserialization. The record below carries a CVSS 3.1 base score of 9.8 (CRITICAL) with no privileges required.
Impacted products
Vendor Product Version
Atlassian Bitbucket Data Center Version: 5.14.0   < unspecified
Version: unspecified   < 7.6.14
Version: 7.7.0   < unspecified
Version: unspecified   < 7.17.6
Version: 7.18.0   < unspecified
Version: unspecified   < 7.18.4
Version: 7.19.0   < unspecified
Version: unspecified   < 7.19.4
Version: 7.20.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T04:56:37.656Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-13173",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "bitbucket_data_center",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "7.6.14",
                        status: "affected",
                        version: "5.14.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.17.6",
                        status: "affected",
                        version: "7.7.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.18.4",
                        status: "affected",
                        version: "7.18.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.19.4",
                        status: "affected",
                        version: "7.19.0",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:bitbucket_data_center:7.20.0:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "bitbucket_data_center",
                  vendor: "atlassian",
                  versions: [
                     {
                        status: "affected",
                        version: "7.20.0",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-26133",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-03T14:41:09.024921Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-502",
                        description: "CWE-502 Deserialization of Untrusted Data",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-03T14:55:36.962Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "5.14.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.6.14",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.7.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.17.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.18.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.18.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     lessThan: "unspecified",
                     status: "affected",
                     version: "7.19.0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "7.19.4",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
                  {
                     status: "affected",
                     version: "7.20.0",
                  },
               ],
            },
         ],
         datePublic: "2022-03-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Deserialization of untrusted data",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-04-20T18:30:19",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.atlassian.com/browse/BSERV-13173",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@atlassian.com",
               DATE_PUBLIC: "2022-03-24T23:00:00",
               ID: "CVE-2022-26133",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Bitbucket Data Center",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">=",
                                          version_value: "5.14.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.6.14",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.7.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.17.6",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.18.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.18.4",
                                       },
                                       {
                                          version_affected: ">=",
                                          version_value: "7.19.0",
                                       },
                                       {
                                          version_affected: "<",
                                          version_value: "7.19.4",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "7.20.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Atlassian",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Deserialization of untrusted data",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://jira.atlassian.com/browse/BSERV-13173",
                     refsource: "MISC",
                     url: "https://jira.atlassian.com/browse/BSERV-13173",
                  },
                  {
                     name: "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html",
                     refsource: "MISC",
                     url: "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2022-26133",
      datePublished: "2022-04-20T18:30:19.225869Z",
      dateReserved: "2022-02-25T00:00:00",
      dateUpdated: "2024-10-03T14:55:36.962Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-43781
Vulnerability from cvelistv5
Published
2022-11-17 00:00
Modified
2024-10-02 14:56
Severity ?
Summary
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be exploited without authentication if the Bitbucket Server and Data Center instance has “Allow public signup” enabled.
Impacted products
Vendor Product Version
Atlassian Bitbucket Data Center Version: before 7.17.12
Version: before 7.21.6
Version: before 7.6.19
Version: before 8.0.5
Version: before 8.1.5
Version: before 8.2.4
Version: before 8.3.3
Version: before 8.4.2
Version: before 8.5.0
   Atlassian Bitbucket Server Version: before 7.17.12
Version: before 7.21.6
Version: before 7.6.19
Version: before 8.0.5
Version: before 8.1.5
Version: before 8.2.4
Version: before 8.3.3
Version: before 8.4.2
Version: before 8.5.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:40:06.623Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://confluence.atlassian.com/x/Y4hXRg",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jira.atlassian.com/browse/BSERV-13522",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "bitbucket",
                  vendor: "atlassian",
                  versions: [
                     {
                        lessThan: "7.6.19",
                        status: "affected",
                        version: "7.0.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.17.12",
                        status: "affected",
                        version: "7.7.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "7.21.6",
                        status: "affected",
                        version: "7.18.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.0.5",
                        status: "affected",
                        version: "7.22.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.1.5",
                        status: "affected",
                        version: "8.1.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.2.4",
                        status: "affected",
                        version: "8.2.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.3.3",
                        status: "affected",
                        version: "8.3.0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "8.4.2",
                        status: "affected",
                        version: "8.4.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-43781",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-02T14:27:57.305026Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-77",
                        description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-02T14:56:09.693Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Bitbucket Data Center",
               vendor: "Atlassian",
               versions: [
                  {
                     status: "unaffected",
                     version: "before 7.0",
                  },
                  {
                     status: "affected",
                     version: "before 7.17.12",
                  },
                  {
                     status: "affected",
                     version: "before 7.21.6",
                  },
                  {
                     status: "affected",
                     version: "before 7.6.19",
                  },
                  {
                     status: "affected",
                     version: "before 8.0.5",
                  },
                  {
                     status: "affected",
                     version: "before 8.1.5",
                  },
                  {
                     status: "affected",
                     version: "before 8.2.4",
                  },
                  {
                     status: "affected",
                     version: "before 8.3.3",
                  },
                  {
                     status: "affected",
                     version: "before 8.4.2",
                  },
                  {
                     status: "affected",
                     version: "before 8.5.0",
                  },
               ],
            },
            {
               product: "Bitbucket Server",
               vendor: "Atlassian",
               versions: [
                  {
                     status: "unaffected",
                     version: "before 7.0",
                  },
                  {
                     status: "affected",
                     version: "before 7.17.12",
                  },
                  {
                     status: "affected",
                     version: "before 7.21.6",
                  },
                  {
                     status: "affected",
                     version: "before 7.6.19",
                  },
                  {
                     status: "affected",
                     version: "before 8.0.5",
                  },
                  {
                     status: "affected",
                     version: "before 8.1.5",
                  },
                  {
                     status: "affected",
                     version: "before 8.2.4",
                  },
                  {
                     status: "affected",
                     version: "before 8.3.3",
                  },
                  {
                     status: "affected",
                     version: "before 8.4.2",
                  },
                  {
                     status: "affected",
                     version: "before 8.5.0",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "https://github.com/Ry0taK",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "RCE (Remote Code Execution)",
                     lang: "en",
                     type: "RCE (Remote Code Execution)",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-17T00:00:01.210Z",
            orgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            shortName: "atlassian",
         },
         references: [
            {
               url: "https://confluence.atlassian.com/x/Y4hXRg",
            },
            {
               url: "https://jira.atlassian.com/browse/BSERV-13522",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
      assignerShortName: "atlassian",
      cveId: "CVE-2022-43781",
      datePublished: "2022-11-17T00:00:01.210Z",
      dateReserved: "2022-10-26T14:49:11.114Z",
      dateUpdated: "2024-10-02T14:56:09.693Z",
      requesterUserId: "4ceb4895-2afc-4c29-bf72-c2e04b367c52",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}