Every CVE whose affected-product data names Atlassian Bitbucket, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2018-5225 — CVSS 9.9 (critical): In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0…
CVE-2022-43781 — CVSS 9.8 (critical): There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to…
CVE-2022-26136 — CVSS 9.8 (critical): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third…
CVE-2019-15000 — CVSS 9.8 (critical): The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10…
CVE-2019-3397 — CVSS 9.1 (critical): Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0…
CVE-2019-15012 — CVSS 8.8 (high): Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before…
CVE-2019-15010 — CVSS 8.8 (high): Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11…
CVE-2019-20097 — CVSS 8.8 (high): Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version…
CVE-2022-26137 — CVSS 8.8 (high): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked…
CVE-2020-36233 — CVSS 7.8 (high): The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version…
CVE-2017-18087 — CVSS 7.5 (high): The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version…
CVE-2017-18037 — CVSS 6.5 (medium): The git repository tag rest resource in Atlassian Bitbucket Server from version 3.7.0 before 4.14.11 (the fixed version for 4.14.x), from…
CVE-2020-14171 — CVSS 6.5 (medium): Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import…
CVE-2017-18038 — CVSS 5.3 (medium): The repository settings resource in Atlassian Bitbucket Server before version 5.6.0 allows remote attackers to read the first line of…
CVE-2016-4320 — CVSS 4.3 (medium): Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read the first line of an arbitrary file via a directory traversal…
CVE-2017-18088 — CVSS 4.3 (medium): Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0…
CVE-2017-18036 — CVSS 4.3 (medium): The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they…
CVE-2019-15005 — CVSS 4.3 (medium): The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans…
CVE-2020-14170 — CVSS 4.3 (medium): Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal…