    40 vulnerabilities found for bitbucket by atlassian

    CVE-2022-43781 (GCVE-0-2022-43781)

    Vulnerability from nvd – Published: 2022-11-17 00:00 – Updated: 2024-10-02 14:56
    Summary
    There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • RCE (Remote Code Execution)
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Data Center Unaffected: before 7.0
    Affected: before 7.17.12
    Affected: before 7.21.6
    Affected: before 7.6.19
    Affected: before 8.0.5
    Affected: before 8.1.5
    Affected: before 8.2.4
    Affected: before 8.3.3
    Affected: before 8.4.2
    Affected: before 8.5.0
    Atlassian Bitbucket Server Unaffected: before 7.0
    Affected: before 7.17.12
    Affected: before 7.21.6
    Affected: before 7.6.19
    Affected: before 8.0.5
    Affected: before 8.1.5
    Affected: before 8.2.4
    Affected: before 8.3.3
    Affected: before 8.4.2
    Affected: before 8.5.0
    atlassian bitbucket Affected: 7.0.0 , < 7.6.19 (custom)
    Affected: 7.7.0 , < 7.17.12 (custom)
    Affected: 7.18.0 , < 7.21.6 (custom)
    Affected: 7.22.0 , < 8.0.5 (custom)
    Affected: 8.1.0 , < 8.1.5 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
    Affected: 8.3.0 , < 8.3.3 (custom)
    Affected: 8.4.0 , < 8.4.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    Credits
    https://github.com/Ry0taK

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/x/Y4hXRg"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13522"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.19",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.12",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.6",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.5",
                    "status": "affected",
                    "version": "7.22.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.5",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.3.3",
                    "status": "affected",
                    "version": "8.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.4.2",
                    "status": "affected",
                    "version": "8.4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43781",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T14:27:57.305026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T14:56:09.693Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "before 7.0"
                },
                {
                  "status": "affected",
                  "version": "before 7.17.12"
                },
                {
                  "status": "affected",
                  "version": "before 7.21.6"
                },
                {
                  "status": "affected",
                  "version": "before 7.6.19"
                },
                {
                  "status": "affected",
                  "version": "before 8.0.5"
                },
                {
                  "status": "affected",
                  "version": "before 8.1.5"
                },
                {
                  "status": "affected",
                  "version": "before 8.2.4"
                },
                {
                  "status": "affected",
                  "version": "before 8.3.3"
                },
                {
                  "status": "affected",
                  "version": "before 8.4.2"
                },
                {
                  "status": "affected",
                  "version": "before 8.5.0"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "before 7.0"
                },
                {
                  "status": "affected",
                  "version": "before 7.17.12"
                },
                {
                  "status": "affected",
                  "version": "before 7.21.6"
                },
                {
                  "status": "affected",
                  "version": "before 7.6.19"
                },
                {
                  "status": "affected",
                  "version": "before 8.0.5"
                },
                {
                  "status": "affected",
                  "version": "before 8.1.5"
                },
                {
                  "status": "affected",
                  "version": "before 8.2.4"
                },
                {
                  "status": "affected",
                  "version": "before 8.3.3"
                },
                {
                  "status": "affected",
                  "version": "before 8.4.2"
                },
                {
                  "status": "affected",
                  "version": "before 8.5.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "https://github.com/Ry0taK"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled \u201cAllow public signup\u201d."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "RCE (Remote Code Execution)",
                  "lang": "en",
                  "type": "RCE (Remote Code Execution)"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-17T00:00:01.210Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/x/Y4hXRg"
            },
            {
              "url": "https://jira.atlassian.com/browse/BSERV-13522"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-43781",
        "datePublished": "2022-11-17T00:00:01.210Z",
        "dateReserved": "2022-10-26T14:49:11.114Z",
        "dateUpdated": "2024-10-02T14:56:09.693Z",
        "requesterUserId": "4ceb4895-2afc-4c29-bf72-c2e04b367c52",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36804 (GCVE-0-2022-36804)

    Vulnerability from nvd – Published: 2022-08-25 05:40 – Updated: 2025-10-21 23:15
    Summary
    Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 7.0.0 , < unspecified (custom)
    Affected: unspecified , < 7.6.17 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.10 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.4 (custom)
    Affected: 8.0.0 , < unspecified (custom)
    Affected: unspecified , < 8.0.3 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.3 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.2 (custom)
    Affected: 8.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.3.1 (custom)
    Atlassian Bitbucket Data Center Affected: 7.0.0 , < unspecified (custom)
    Affected: unspecified , < 7.6.17 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.10 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.4 (custom)
    Affected: 8.0.0 , < unspecified (custom)
    Affected: unspecified , < 8.0.3 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.3 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.2 (custom)
    Affected: 8.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.3.1 (custom)
    Date Public
    2022-08-24 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:14:28.471Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13438"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36804",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:19:10.861167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-09-30",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-88",
                    "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:36.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-09-30T00:00:00.000Z",
                "value": "CVE-2022-36804 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.3.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.3.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-24T00:00:00.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://jira.atlassian.com/browse/BSERV-13438"
            },
            {
              "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-36804",
        "datePublished": "2022-08-25T05:40:08.899Z",
        "dateReserved": "2022-07-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:36.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26137 (GCVE-0-2022-26137)

    Vulnerability from nvd – Published: 2022-07-20 17:25 – Updated: 2024-10-03 17:10
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.1 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.614Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T16:48:52.174175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T17:10:16.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:23.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26137",
        "datePublished": "2022-07-20T17:25:23.603Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T17:10:16.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26136 (GCVE-0-2022-26136)

    Vulnerability from nvd – Published: 2022-07-20 17:25 – Updated: 2024-10-03 16:43
    VLAI
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.0 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
    Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.592Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:26:49.090400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T16:43:16.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:18.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26136",
        "datePublished": "2022-07-20T17:25:18.803Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T16:43:16.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36233 (GCVE-0-2020-36233)

    Vulnerability from nvd – Published: 2021-02-18 15:16 – Updated: 2024-09-16 19:30
    Summary
    The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    URL Tags
    https://jira.atlassian.com/browse/BSERV-12753 x_refsource_MISC
    https://www.kb.cert.org/vuls/id/240785 third-party-advisory, x_refsource_CERT-VN
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: unspecified , < 6.10.9 (custom)
    Affected: 7.0.0 , < unspecified (custom)
    Affected: unspecified , < 7.6.4 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: unspecified , < 7.10.1 (custom)
    Atlassian Bitbucket Data Center Affected: unspecified , < 6.10.9 (custom)
    Affected: 7.0.0 , < unspecified (custom)
    Affected: unspecified , < 7.6.4 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: unspecified , < 7.10.1 (custom)
    Date Public
    2021-02-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12753"
              },
              {
                "name": "VU#240785",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/240785"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "6.10.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.10.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "6.10.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.10.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-02-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-18T19:06:08.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12753"
            },
            {
              "name": "VU#240785",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/240785"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-02-16T00:00:00",
              "ID": "CVE-2020-36233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.10.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.10.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Permission Assignment for Critical Resource"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12753",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12753"
                },
                {
                  "name": "VU#240785",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/240785"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-36233",
        "datePublished": "2021-02-18T15:16:22.101Z",
        "dateReserved": "2021-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:12.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14171 (GCVE-0-2020-14171)

    Vulnerability from nvd – Published: 2020-07-09 17:17 – Updated: 2024-09-17 02:01
    VLAI
    Summary
    Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack.
    Severity
    No CVSS data available.
    CWE
    • Man-in-the-Middle (MITM)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 4.9.0 , < unspecified (custom)
    Affected: unspecified , < 7.2.4 (custom)
    Date Public
    2020-07-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12434"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Man-in-the-Middle (MITM)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-09T17:17:29.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12434"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-07-09T00:00:00",
              "ID": "CVE-2020-14171",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Man-in-the-Middle (MITM)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12434",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12434"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14171",
        "datePublished": "2020-07-09T17:17:29.210Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:36.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14170 (GCVE-0-2020-14170)

    Vulnerability from nvd – Published: 2020-07-09 17:20 – Updated: 2024-09-17 04:09
    VLAI
    Summary
    Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Server Side Request Forgery (SSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 5.4.0 , < unspecified (custom)
    Affected: unspecified , < 7.3.1 (custom)
    Date Public
    2020-07-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-09T17:20:48.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12433"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-07-09T00:00:00",
              "ID": "CVE-2020-14170",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12433",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12433"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14170",
        "datePublished": "2020-07-09T17:20:48.079Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:09:37.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-20097 (GCVE-0-2019-20097)

    Vulnerability from nvd – Published: 2020-01-15 20:46 – Updated: 2024-09-16 18:48
    VLAI
    Summary
    Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 1.0 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Atlassian Bitbucket Data Center Affected: 1.0 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Date Public
    2020-01-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:32:10.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12099"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-15T20:46:56.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12099"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-01-15T10:00:00",
              "ID": "CVE-2019-20097",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12099",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12099"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-20097",
        "datePublished": "2020-01-15T20:46:56.225Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:48:48.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15012 (GCVE-0-2019-15012)

    Vulnerability from nvd – Published: 2020-01-15 20:46 – Updated: 2024-09-17 04:24
    VLAI
    Summary
    Bitbucket Server and Bitbucket Data Center from version 4.13 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file on the victim's Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victim's Bitbucket Server or Bitbucket Data Center instance.
    Severity
    No CVSS data available.
    CWE
    • Path traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 4.13 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Atlassian Bitbucket Data Center Affected: 4.13 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Date Public
    2020-01-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.124Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12100"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.13",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.13",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-15T20:46:56.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12100"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-01-15T10:00:00",
              "ID": "CVE-2019-15012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12100",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12100"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15012",
        "datePublished": "2020-01-15T20:46:56.181Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:24:12.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15010 (GCVE-0-2019-15010)

    Vulnerability from nvd – Published: 2020-01-15 20:46 – Updated: 2024-09-16 22:56
    Summary
    Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance.
    Severity
    No CVSS data available.
    CWE
    • Expression Language Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 3.0 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Atlassian Bitbucket Data Center Affected: 3.0 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Date Public
    2020-01-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12098"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim\u0027s systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Expression Language Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-15T20:46:56.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12098"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-01-15T10:00:00",
              "ID": "CVE-2019-15010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim\u0027s systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Expression Language Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12098",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12098"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15010",
        "datePublished": "2020-01-15T20:46:56.108Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:09.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15005 (GCVE-0-2019-15005)

    Vulnerability from nvd – Published: 2019-11-08 03:55 – Updated: 2024-09-16 20:31
    Summary
    The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.
    Severity
    No CVSS data available.
    CWE
    • Improper Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: unspecified , < 6.6.0 (custom)
    Atlassian Jira Server Affected: unspecified , < 8.3.2 (custom)
    Atlassian Confluence Server Affected: unspecified , < 7.0.1 (custom)
    Atlassian Crowd Affected: unspecified , < 3.6.0 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.7.2 (custom)
    Atlassian Crucible Affected: unspecified , < 4.7.2 (custom)
    Atlassian Bamboo Affected: unspecified , < 6.10.2 (custom)
    Date Public
    2019-11-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-20647"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://herolab.usd.de/security-advisories/usd-2019-0016/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "6.6.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.3.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crowd",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.6.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.7.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.7.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "6.10.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T20:44:03.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-20647"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://herolab.usd.de/security-advisories/usd-2019-0016/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-11-08T00:00:00",
              "ID": "CVE-2019-15005",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.3.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.0.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.6.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.7.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.7.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.10.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-20647",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-20647"
                },
                {
                  "name": "https://herolab.usd.de/security-advisories/usd-2019-0016/",
                  "refsource": "MISC",
                  "url": "https://herolab.usd.de/security-advisories/usd-2019-0016/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15005",
        "datePublished": "2019-11-08T03:55:12.611Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:31:42.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15000 (GCVE-0-2019-15000)

    Vulnerability from nvd – Published: 2019-09-19 14:24 – Updated: 2024-09-17 01:41
    VLAI
    Summary
    The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: unspecified , < 5.16.10 (custom)
    Affected: 6.0.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.10 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.8 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.6 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.5 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.3 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.2 (custom)
    Atlassian Bitbucket Data Center Affected: unspecified , < 5.16.10 (custom)
    Affected: 6.0.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.10 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.8 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.6 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.5 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.3 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.2 (custom)
    Date Public
    2019-09-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-11947"
              },
              {
                "name": "20190925 Bitbucket Server security advisory 2019-09-18",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Sep/43"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "5.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "5.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-25T19:06:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-11947"
            },
            {
              "name": "20190925 Bitbucket Server security advisory 2019-09-18",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/43"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-09-18T00:00:00",
              "ID": "CVE-2019-15000",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-11947",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-11947"
                },
                {
                  "name": "20190925 Bitbucket Server security advisory 2019-09-18",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Sep/43"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15000",
        "datePublished": "2019-09-19T14:24:38.322Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:41:56.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3397 (GCVE-0-2019-3397)

    Vulnerability from nvd – Published: 2019-06-03 13:44 – Updated: 2024-09-16 17:47
    VLAI
    Summary
    Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Data Center Affected: 5.13.0 , < unspecified (custom)
    Affected: unspecified , < 5.13.6 (custom)
    Affected: 5.14.0 , < unspecified (custom)
    Affected: unspecified , < 5.14.4 (custom)
    Affected: 5.15.0 , < unspecified (custom)
    Affected: unspecified , < 5.15.3 (custom)
    Affected: 6.0.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.3 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.2 (custom)
    Date Public
    2019-05-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-11706"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.13.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.13.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.14.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.15.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-05-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-03T13:44:05.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-11706"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-05-22T10:00:00",
              "ID": "CVE-2019-3397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.13.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.13.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.14.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.15.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-11706",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-11706"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-3397",
        "datePublished": "2019-06-03T13:44:05.862Z",
        "dateReserved": "2018-12-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:47:59.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5225 (GCVE-0-2018-5225)

    Vulnerability from nvd – Published: 2018-03-22 13:00 – Updated: 2024-09-16 18:49
    Summary
    In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 4.13.0 , < unspecified (custom)
    Affected: unspecified , < 5.4.8 (custom)
    Affected: 5.5.0 , < unspecified (custom)
    Affected: unspecified , < 5.5.8 (custom)
    Affected: 5.6.0 , < unspecified (custom)
    Affected: unspecified , < 5.6.5 (custom)
    Affected: 5.7.0 , < unspecified (custom)
    Affected: unspecified , < 5.7.3 (custom)
    Affected: 5.8.0 , < unspecified (custom)
    Affected: unspecified , < 5.8.2 (custom)
    Date Public
    2018-03-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:42.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-10684"
              },
              {
                "name": "103488",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103488"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/x/3WNsO"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.13.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.4.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.5.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.6.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-26T20:57:01.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-10684"
            },
            {
              "name": "103488",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103488"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://confluence.atlassian.com/x/3WNsO"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-03-22T10:00:00",
              "ID": "CVE-2018-5225",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.13.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.4.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.5.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.6.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-10684",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/BSERV-10684"
                },
                {
                  "name": "103488",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103488"
                },
                {
                  "name": "https://confluence.atlassian.com/x/3WNsO",
                  "refsource": "CONFIRM",
                  "url": "https://confluence.atlassian.com/x/3WNsO"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2018-5225",
        "datePublished": "2018-03-22T13:00:00.000Z",
        "dateReserved": "2018-01-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:49:04.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18088 (GCVE-0-2017-18088)

    Vulnerability from nvd – Published: 2018-02-15 13:00 – Updated: 2024-08-05 21:13
    Summary
    Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/103040 vdb-entry, x_refsource_BID
    https://jira.atlassian.com/browse/BSERV-10594 x_refsource_CONFIRM
    Date Public
    2018-02-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:13:47.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "103040",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103040"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-10594"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-16T10:57:01.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "name": "103040",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103040"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-10594"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "ID": "CVE-2017-18088",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "103040",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103040"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-10594",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/BSERV-10594"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2017-18088",
        "datePublished": "2018-02-15T13:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:13:47.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18087 (GCVE-0-2017-18087)

    Vulnerability from nvd – Published: 2018-02-15 13:00 – Updated: 2024-09-17 01:56
    Summary
    The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/103038 vdb-entry, x_refsource_BID
    https://jira.atlassian.com/browse/BSERV-10593 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: from 5.1.0 prior to 5.1.7
    Affected: from 5.2.0 prior to 5.2.5
    Affected: from 5.3.0 prior to 5.3.3
    Affected: from 5.4.0 prior to 5.4.1
    Date Public
    2018-02-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:13:48.134Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "103038",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103038"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-10593"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "from 5.1.0 prior to 5.1.7"
                },
                {
                  "status": "affected",
                  "version": "from 5.2.0 prior to 5.2.5"
                },
                {
                  "status": "affected",
                  "version": "from 5.3.0 prior to 5.3.3"
                },
                {
                  "status": "affected",
                  "version": "from 5.4.0 prior to 5.4.1"
                }
              ]
            }
          ],
          "datePublic": "2018-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-16T10:57:01.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "name": "103038",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103038"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-10593"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-02-15T00:00:00",
              "ID": "CVE-2017-18087",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "from 5.1.0 prior to 5.1.7"
                              },
                              {
                                "version_value": "from 5.2.0 prior to 5.2.5"
                              },
                              {
                                "version_value": "from 5.3.0 prior to 5.3.3"
                              },
                              {
                                "version_value": "from 5.4.0 prior to 5.4.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them to gain code execution, exploit CVE-2017-1000117 if a vulnerable version of git is in use, and or determine if an internal service exists via an argument injection vulnerability in the at parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "103038",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103038"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-10593",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/BSERV-10593"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2017-18087",
        "datePublished": "2018-02-15T13:00:00.000Z",
        "dateReserved": "2018-02-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:56:57.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-43781 (GCVE-0-2022-43781)

    Vulnerability from cvelistv5 – Published: 2022-11-17 00:00 – Updated: 2024-10-02 14:56
    Summary
    There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • RCE (Remote Code Execution)
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Data Center Unaffected: before 7.0
    Affected: before 7.17.12
    Affected: before 7.21.6
    Affected: before 7.6.19
    Affected: before 8.0.5
    Affected: before 8.1.5
    Affected: before 8.2.4
    Affected: before 8.3.3
    Affected: before 8.4.2
    Affected: before 8.5.0
    Atlassian Bitbucket Server Unaffected: before 7.0
    Affected: before 7.17.12
    Affected: before 7.21.6
    Affected: before 7.6.19
    Affected: before 8.0.5
    Affected: before 8.1.5
    Affected: before 8.2.4
    Affected: before 8.3.3
    Affected: before 8.4.2
    Affected: before 8.5.0
    atlassian bitbucket Affected: 7.0.0 , < 7.6.19 (custom)
    Affected: 7.7.0 , < 7.17.12 (custom)
    Affected: 7.18.0 , < 7.21.6 (custom)
    Affected: 7.22.0 , < 8.0.5 (custom)
    Affected: 8.1.0 , < 8.1.5 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
    Affected: 8.3.0 , < 8.3.3 (custom)
    Affected: 8.4.0 , < 8.4.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    Credits
    https://github.com/Ry0taK

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T13:40:06.623Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/x/Y4hXRg"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13522"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.19",
                    "status": "affected",
                    "version": "7.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.12",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.6",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.5",
                    "status": "affected",
                    "version": "7.22.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.5",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.3.3",
                    "status": "affected",
                    "version": "8.3.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.4.2",
                    "status": "affected",
                    "version": "8.4.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-43781",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T14:27:57.305026Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T14:56:09.693Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "before 7.0"
                },
                {
                  "status": "affected",
                  "version": "before 7.17.12"
                },
                {
                  "status": "affected",
                  "version": "before 7.21.6"
                },
                {
                  "status": "affected",
                  "version": "before 7.6.19"
                },
                {
                  "status": "affected",
                  "version": "before 8.0.5"
                },
                {
                  "status": "affected",
                  "version": "before 8.1.5"
                },
                {
                  "status": "affected",
                  "version": "before 8.2.4"
                },
                {
                  "status": "affected",
                  "version": "before 8.3.3"
                },
                {
                  "status": "affected",
                  "version": "before 8.4.2"
                },
                {
                  "status": "affected",
                  "version": "before 8.5.0"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "before 7.0"
                },
                {
                  "status": "affected",
                  "version": "before 7.17.12"
                },
                {
                  "status": "affected",
                  "version": "before 7.21.6"
                },
                {
                  "status": "affected",
                  "version": "before 7.6.19"
                },
                {
                  "status": "affected",
                  "version": "before 8.0.5"
                },
                {
                  "status": "affected",
                  "version": "before 8.1.5"
                },
                {
                  "status": "affected",
                  "version": "before 8.2.4"
                },
                {
                  "status": "affected",
                  "version": "before 8.3.3"
                },
                {
                  "status": "affected",
                  "version": "before 8.4.2"
                },
                {
                  "status": "affected",
                  "version": "before 8.5.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "https://github.com/Ry0taK"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled \u201cAllow public signup\u201d."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "RCE (Remote Code Execution)",
                  "lang": "en",
                  "type": "RCE (Remote Code Execution)"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-11-17T00:00:01.210Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/x/Y4hXRg"
            },
            {
              "url": "https://jira.atlassian.com/browse/BSERV-13522"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-43781",
        "datePublished": "2022-11-17T00:00:01.210Z",
        "dateReserved": "2022-10-26T14:49:11.114Z",
        "dateUpdated": "2024-10-02T14:56:09.693Z",
        "requesterUserId": "4ceb4895-2afc-4c29-bf72-c2e04b367c52",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-36804 (GCVE-0-2022-36804)

    Vulnerability from cvelistv5 – Published: 2022-08-25 05:40 – Updated: 2025-10-21 23:15
    Summary
    Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 7.0.0 , < unspecified (custom)
    Affected: unspecified , < 7.6.17 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.10 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.4 (custom)
    Affected: 8.0.0 , < unspecified (custom)
    Affected: unspecified , < 8.0.3 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.3 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.2 (custom)
    Affected: 8.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.3.1 (custom)
    Atlassian Bitbucket Data Center Affected: 7.0.0 , < unspecified (custom)
    Affected: unspecified , < 7.6.17 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.10 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.4 (custom)
    Affected: 8.0.0 , < unspecified (custom)
    Affected: unspecified , < 8.0.3 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.3 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.2 (custom)
    Affected: 8.3.0 , < unspecified (custom)
    Affected: unspecified , < 8.3.1 (custom)
    Date Public
    2022-08-24 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:14:28.471Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13438"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36804",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-29T16:19:10.861167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-09-30",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-78",
                    "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              },
              {
                "descriptions": [
                  {
                    "cweId": "CWE-88",
                    "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:15:36.273Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-09-30T00:00:00.000Z",
                "value": "CVE-2022-36804 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.3.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.0.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.3.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-24T00:00:00.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://jira.atlassian.com/browse/BSERV-13438"
            },
            {
              "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-36804",
        "datePublished": "2022-08-25T05:40:08.899Z",
        "dateReserved": "2022-07-26T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:15:36.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26137 (GCVE-0-2022-26137)

    Vulnerability from cvelistv5 – Published: 2022-07-20 17:25 – Updated: 2024-10-03 17:10
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.1 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.614Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.1",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26137",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T16:48:52.174175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T17:10:16.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:23.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victim\u2019s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26137",
        "datePublished": "2022-07-20T17:25:23.603Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T17:10:16.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26136 (GCVE-0-2022-26136)

    Vulnerability from cvelistv5 – Published: 2022-07-20 17:25 – Updated: 2024-10-03 16:43
    Summary
    A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bamboo Server Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bamboo Data Center Affected: unspecified , < 8.0.9 (custom)
    Affected: 8.1.0 , < unspecified (custom)
    Affected: unspecified , < 8.1.8 (custom)
    Affected: 8.2.0 , < unspecified (custom)
    Affected: unspecified , < 8.2.4 (custom)
    Atlassian Bitbucket Server Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Bitbucket Data Center Affected: unspecified , < 7.6.16 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.8 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.5 (custom)
    Affected: 7.20.0 , < unspecified (custom)
    Affected: unspecified , < 7.20.2 (custom)
    Affected: 7.21.0 , < unspecified (custom)
    Affected: unspecified , < 7.21.2 (custom)
    Affected: 8.0.0
    Affected: 8.1.0
    Atlassian Confluence Server Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Confluence Data Center Affected: unspecified , < 7.4.17 (custom)
    Affected: 7.5.0 , < unspecified (custom)
    Affected: unspecified , < 7.13.7 (custom)
    Affected: 7.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.14.3 (custom)
    Affected: 7.15.0 , < unspecified (custom)
    Affected: unspecified , < 7.15.2 (custom)
    Affected: 7.16.0 , < unspecified (custom)
    Affected: unspecified , < 7.16.4 (custom)
    Affected: 7.17.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.4 (custom)
    Affected: 7.18.0
    Atlassian Crowd Server Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crowd Data Center Affected: unspecified , < 4.3.8 (custom)
    Affected: 4.4.0 , < unspecified (custom)
    Affected: unspecified , < 4.4.2 (custom)
    Affected: 5.0.0
    Atlassian Crucible Affected: unspecified , < 4.8.10 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.8.10 (custom)
    Atlassian Jira Core Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Server Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Software Data Center Affected: unspecified , < 8.13.22 (custom)
    Affected: 8.14.0 , < unspecified (custom)
    Affected: unspecified , < 8.20.10 (custom)
    Affected: 8.21.0 , < unspecified (custom)
    Affected: unspecified , < 8.22.4 (custom)
    Atlassian Jira Service Management Server Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    Atlassian Jira Service Management Data Center Affected: unspecified , < 4.13.22 (custom)
    Affected: 4.14.0 , < unspecified (custom)
    Affected: unspecified , < 4.20.10 (custom)
    Affected: 4.21.0 , < unspecified (custom)
    Affected: unspecified , < 4.22.4 (custom)
    atlassian bamboo Affected: 7.2.0 , < 7.2.10 (custom)
    Affected: 8.0.0 , < 8.0.9 (custom)
    Affected: 8.1.0 , < 8.1.8 (custom)
    Affected: 8.2.0 , < 8.2.4 (custom)
        cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 0 , < 7.6.16 (custom)
    Affected: 7.7.0 , < 7.17.8 (custom)
    Affected: 7.18.0 , < 7.19.5 (custom)
    Affected: 7.20.0 , < 7.20.2 (custom)
    Affected: 7.21.0 , < 7.21.2 (custom)
        cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
    atlassian bitbucket Affected: 8.0.0
    Affected: 8.1.0
        cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*
        cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*
    atlassian confluence_data_center Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 0 , < 7.4.17 (custom)
    Affected: 7.5.0 , < 7.13.7 (custom)
    Affected: 7.14.0 , < 7.14.3 (custom)
    Affected: 7.15.0 , < 7.15.2 (custom)
    Affected: 7.16.0 , < 7.16.4 (custom)
    Affected: 7.17.0 , < 7.17.4 (custom)
        cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*
    atlassian confluence_server Affected: 7.18.0
        cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*
    atlassian crowd Affected: 0 , < 4.3.8 (custom)
    Affected: 4.4.0 , < 4.4.2 (custom)
        cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*
    atlassian crowd Affected: 5.0.0
        cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*
    atlassian crucible Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*
    atlassian fisheye Affected: 0 , < 4.8.10 (custom)
        cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*
    atlassian jira_data_center Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    atlassian jira_server Affected: 8.13.0 , < 8.13.22 (custom)
    Affected: 8.14.0 , < 8.20.10 (custom)
    Affected: 8.21.0 , < 8.22.4 (custom)
        cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*
    atlassian jira_service_desk Affected: 0 , < 4.13.22 (custom)
        cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*
    atlassian jira_service_management Affected: 4.14.0 , < 4.20.10 (custom)
    Affected: 4.21.0 , < 4.22.4 (custom)
        cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*
    Date Public
    2022-07-20 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.592Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-21795"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13370"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CWD-5815"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/FE-7410"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/CRUC-8541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bamboo",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.2.10",
                    "status": "affected",
                    "version": "7.2.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.0.9",
                    "status": "affected",
                    "version": "8.0.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.1.8",
                    "status": "affected",
                    "version": "8.1.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.2.4",
                    "status": "affected",
                    "version": "8.2.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.16",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.8",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.5",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.20.2",
                    "status": "affected",
                    "version": "7.20.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.21.2",
                    "status": "affected",
                    "version": "7.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket:8.0.0:*:*:*:*:*:*:*",
                  "cpe:2.3:a:atlassian:bitbucket:8.1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "8.0.0"
                  },
                  {
                    "status": "affected",
                    "version": "8.1.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.4.17",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.13.7",
                    "status": "affected",
                    "version": "7.5.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.14.3",
                    "status": "affected",
                    "version": "7.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.15.2",
                    "status": "affected",
                    "version": "7.15.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.16.4",
                    "status": "affected",
                    "version": "7.16.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.4",
                    "status": "affected",
                    "version": "7.17.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "confluence_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.18.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.3.8",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.4.2",
                    "status": "affected",
                    "version": "4.4.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crowd:5.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crowd",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "5.0.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:crucible:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "crucible",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:fisheye:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fisheye",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.8.10",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_server",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "8.13.22",
                    "status": "affected",
                    "version": "8.13.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.20.10",
                    "status": "affected",
                    "version": "8.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "8.22.4",
                    "status": "affected",
                    "version": "8.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_desk:-:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_desk",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.13.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jira_service_management",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "4.20.10",
                    "status": "affected",
                    "version": "4.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "4.22.4",
                    "status": "affected",
                    "version": "4.21.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26136",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T15:26:49.090400Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T16:43:16.268Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bamboo Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.0.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.6.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.20.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.21.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "8.0.0"
                },
                {
                  "status": "affected",
                  "version": "8.1.0"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Confluence Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.4.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.13.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.14.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.15.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.16.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.16.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.17.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.18.0"
                }
              ]
            },
            {
              "product": "Crowd Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crowd Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.3.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "5.0.0"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.8.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Core Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Software Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "8.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "8.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Service Management Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.13.22",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.20.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.21.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.22.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-180",
                  "description": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180).",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-20T17:25:18.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-21795"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13370"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CWD-5815"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/FE-7410"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/CRUC-8541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-07-20T00:00:00",
              "ID": "CVE-2022-26136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bamboo Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.0.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.2.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.16"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.20.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.20.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.21.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.0.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.1.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.4.17"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.13.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.14.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.15.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.16.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.16.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.17.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.18.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.3.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.4.2"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "5.0.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.8.10"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Core Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Software Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "8.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Service Management Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.13.22"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.20.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.21.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.22.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Behavior Order: Validate Before Canonicalize (CWE-180)."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-21795",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-21795"
                },
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13370",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13370"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CONFSERVER-79476",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CONFSERVER-79476"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CWD-5815",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CWD-5815"
                },
                {
                  "name": "https://jira.atlassian.com/browse/FE-7410",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/FE-7410"
                },
                {
                  "name": "https://jira.atlassian.com/browse/CRUC-8541",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/CRUC-8541"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JRASERVER-73897",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JRASERVER-73897"
                },
                {
                  "name": "https://jira.atlassian.com/browse/JSDSERVER-11863",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/JSDSERVER-11863"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26136",
        "datePublished": "2022-07-20T17:25:18.803Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T16:43:16.268Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-36233 (GCVE-0-2020-36233)

    Vulnerability from cvelistv5 – Published: 2021-02-18 15:16 – Updated: 2024-09-16 19:30
    Summary
    The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
    Severity
    No CVSS data available.
    CWE
    • Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    URL Tags
    https://jira.atlassian.com/browse/BSERV-12753 x_refsource_MISC
    https://www.kb.cert.org/vuls/id/240785 third-party-advisory, x_refsource_CERT-VN
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: unspecified , < 6.10.9 (custom)
    Affected: 7.0.0 , < unspecified (custom)
    Affected: unspecified , < 7.6.4 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: unspecified , < 7.10.1 (custom)
    Atlassian Bitbucket Data Center Affected: unspecified , < 6.10.9 (custom)
    Affected: 7.0.0 , < unspecified (custom)
    Affected: unspecified , < 7.6.4 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: unspecified , < 7.10.1 (custom)
    Date Public
    2021-02-16 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:23:09.677Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12753"
              },
              {
                "name": "VU#240785",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/240785"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "6.10.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.10.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "6.10.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.10.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-02-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-18T19:06:08.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12753"
            },
            {
              "name": "VU#240785",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/240785"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2021-02-16T00:00:00",
              "ID": "CVE-2020-36233",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.10.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.10.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.10.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.10.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Incorrect Permission Assignment for Critical Resource"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12753",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12753"
                },
                {
                  "name": "VU#240785",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/240785"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-36233",
        "datePublished": "2021-02-18T15:16:22.101Z",
        "dateReserved": "2021-01-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:12.974Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14170 (GCVE-0-2020-14170)

    Vulnerability from cvelistv5 – Published: 2020-07-09 17:20 – Updated: 2024-09-17 04:09
    Summary
    Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability.
    Severity
    No CVSS data available.
    CWE
    • Server Side Request Forgery (SSRF)
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 5.4.0 , < unspecified (custom)
    Affected: unspecified , < 7.3.1 (custom)
    Date Public
    2020-07-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.189Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12433"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.3.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Server Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-09T17:20:48.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12433"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-07-09T00:00:00",
              "ID": "CVE-2020-14170",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Server Side Request Forgery (SSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12433",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12433"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14170",
        "datePublished": "2020-07-09T17:20:48.079Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:09:37.826Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-14171 (GCVE-0-2020-14171)

    Vulnerability from cvelistv5 – Published: 2020-07-09 17:17 – Updated: 2024-09-17 02:01
    Summary
    Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack.
    Severity
    No CVSS data available.
    CWE
    • Man-in-the-Middle (MITM)
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 4.9.0 , < unspecified (custom)
    Affected: unspecified , < 7.2.4 (custom)
    Date Public
    2020-07-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T12:39:36.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12434"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.2.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Man-in-the-Middle (MITM)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-09T17:17:29.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12434"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-07-09T00:00:00",
              "ID": "CVE-2020-14171",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Man-in-the-Middle (MITM)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12434",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12434"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2020-14171",
        "datePublished": "2020-07-09T17:17:29.210Z",
        "dateReserved": "2020-06-16T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:01:36.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-20097 (GCVE-0-2019-20097)

    Vulnerability from cvelistv5 – Published: 2020-01-15 20:46 – Updated: 2024-09-16 18:48
    Summary
    Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 1.0 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Atlassian Bitbucket Data Center Affected: 1.0 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Date Public
    2020-01-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T02:32:10.612Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12099"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-15T20:46:56.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12099"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-01-15T10:00:00",
              "ID": "CVE-2019-20097",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12099",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12099"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-20097",
        "datePublished": "2020-01-15T20:46:56.225Z",
        "dateReserved": "2019-12-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:48:48.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15012 (GCVE-0-2019-15012)

    Vulnerability from cvelistv5 – Published: 2020-01-15 20:46 – Updated: 2024-09-17 04:24
    Summary
    Bitbucket Server and Bitbucket Data Center from version 4.13 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file on the victim's Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victim's Bitbucket Server or Bitbucket Data Center instance.
    Severity
    No CVSS data available.
    CWE
    • Path traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 4.13 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Atlassian Bitbucket Data Center Affected: 4.13 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Date Public
    2020-01-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.124Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12100"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.13",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.13",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-15T20:46:56.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12100"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-01-15T10:00:00",
              "ID": "CVE-2019-15012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.13"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12100",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12100"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15012",
        "datePublished": "2020-01-15T20:46:56.181Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:24:12.976Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15010 (GCVE-0-2019-15010)

    Vulnerability from cvelistv5 – Published: 2020-01-15 20:46 – Updated: 2024-09-16 22:56
    Summary
    Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance.
    Severity
    No CVSS data available.
    CWE
    • Expression Language Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 3.0 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Atlassian Bitbucket Data Center Affected: 3.0 , < unspecified (custom)
    Affected: unspecified , < 5.16.11 (custom)
    Affected: 6.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.11 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.9 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.7 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.6 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.4 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.3 (custom)
    Affected: 6.6.0 , < unspecified (custom)
    Affected: unspecified , < 6.6.3 (custom)
    Affected: 6.7.0 , < unspecified (custom)
    Affected: unspecified , < 6.7.3 (custom)
    Affected: 6.8.0 , < unspecified (custom)
    Affected: unspecified , < 6.8.2 (custom)
    Affected: 6.9.0 , < unspecified (custom)
    Affected: unspecified , < 6.9.1 (custom)
    Date Public
    2020-01-15 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.027Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-12098"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.16.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.9",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.9.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim\u0027s systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Expression Language Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-15T20:46:56.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-12098"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2020-01-15T10:00:00",
              "ID": "CVE-2019-15010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.11"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.9"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.7"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.8.2"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.9.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.9.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim\u0027s systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim\u0027s Bitbucket Server or Bitbucket Data Center instance."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Expression Language Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-12098",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-12098"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15010",
        "datePublished": "2020-01-15T20:46:56.108Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:09.402Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15005 (GCVE-0-2019-15005)

    Vulnerability from cvelistv5 – Published: 2019-11-08 03:55 – Updated: 2024-09-16 20:31
    Summary
    The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2.
    Severity
    No CVSS data available.
    CWE
    • Improper Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: unspecified , < 6.6.0 (custom)
    Atlassian Jira Server Affected: unspecified , < 8.3.2 (custom)
    Atlassian Confluence Server Affected: unspecified , < 7.0.1 (custom)
    Atlassian Crowd Affected: unspecified , < 3.6.0 (custom)
    Atlassian Fisheye Affected: unspecified , < 4.7.2 (custom)
    Atlassian Crucible Affected: unspecified , < 4.7.2 (custom)
    Atlassian Bamboo Affected: unspecified , < 6.10.2 (custom)
    Date Public
    2019-11-08 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:53.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BAM-20647"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://herolab.usd.de/security-advisories/usd-2019-0016/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "6.6.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Jira Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "8.3.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Confluence Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "7.0.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crowd",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "3.6.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Fisheye",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.7.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Crucible",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "4.7.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bamboo",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "6.10.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T20:44:03.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BAM-20647"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://herolab.usd.de/security-advisories/usd-2019-0016/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-11-08T00:00:00",
              "ID": "CVE-2019-15005",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.6.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Jira Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "8.3.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Confluence Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.0.1"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crowd",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "3.6.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Fisheye",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.7.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Crucible",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "4.7.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bamboo",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.10.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may contain configuration information about the application that the plugin is installed into. A vulnerable version of the plugin is included with Bitbucket Server / Data Center before 6.6.0, Confluence Server / Data Center before 7.0.1, Jira Server / Data Center before 8.3.2, Crowd / Crowd Data Center before 3.6.0, Fisheye before 4.7.2, Crucible before 4.7.2, and Bamboo before 6.10.2."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BAM-20647",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BAM-20647"
                },
                {
                  "name": "https://herolab.usd.de/security-advisories/usd-2019-0016/",
                  "refsource": "MISC",
                  "url": "https://herolab.usd.de/security-advisories/usd-2019-0016/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15005",
        "datePublished": "2019-11-08T03:55:12.611Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:31:42.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-15000 (GCVE-0-2019-15000)

    Vulnerability from cvelistv5 – Published: 2019-09-19 14:24 – Updated: 2024-09-17 01:41
    Summary
    The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands.
    Severity
    No CVSS data available.
    CWE
    • Argument Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: unspecified , < 5.16.10 (custom)
    Affected: 6.0.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.10 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.8 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.6 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.5 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.3 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.2 (custom)
    Atlassian Bitbucket Data Center Affected: unspecified , < 5.16.10 (custom)
    Affected: 6.0.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.10 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.8 (custom)
    Affected: 6.2.0 , < unspecified (custom)
    Affected: unspecified , < 6.2.6 (custom)
    Affected: 6.3.0 , < unspecified (custom)
    Affected: unspecified , < 6.3.5 (custom)
    Affected: 6.4.0 , < unspecified (custom)
    Affected: unspecified , < 6.4.3 (custom)
    Affected: 6.5.0 , < unspecified (custom)
    Affected: unspecified , < 6.5.2 (custom)
    Date Public
    2019-09-18 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T00:34:52.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-11947"
              },
              {
                "name": "20190925 Bitbucket Server security advisory 2019-09-18",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Sep/43"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "5.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "5.16.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.10",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-09-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Argument Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-25T19:06:12.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-11947"
            },
            {
              "name": "20190925 Bitbucket Server security advisory 2019-09-18",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/Sep/43"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-09-18T00:00:00",
              "ID": "CVE-2019-15000",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.16.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.10"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.2.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.2.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.3.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.3.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.4.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.4.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.5.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Argument Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-11947",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-11947"
                },
                {
                  "name": "20190925 Bitbucket Server security advisory 2019-09-18",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/Sep/43"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Injection.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-15000",
        "datePublished": "2019-09-19T14:24:38.322Z",
        "dateReserved": "2019-08-13T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:41:56.351Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3397 (GCVE-0-2019-3397)

    Vulnerability from cvelistv5 – Published: 2019-06-03 13:44 – Updated: 2024-09-16 17:47
    VLAI
    Summary
    Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.
    Severity
    No CVSS data available.
    CWE
    • Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Data Center Affected: 5.13.0 , < unspecified (custom)
    Affected: unspecified , < 5.13.6 (custom)
    Affected: 5.14.0 , < unspecified (custom)
    Affected: unspecified , < 5.14.4 (custom)
    Affected: 5.15.0 , < unspecified (custom)
    Affected: unspecified , < 5.15.3 (custom)
    Affected: 6.0.0 , < unspecified (custom)
    Affected: unspecified , < 6.0.3 (custom)
    Affected: 6.1.0 , < unspecified (custom)
    Affected: unspecified , < 6.1.2 (custom)
    Date Public
    2019-05-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-11706"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.13.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.13.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.14.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.15.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.15.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-05-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Path Traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-03T13:44:05.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-11706"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2019-05-22T10:00:00",
              "ID": "CVE-2019-3397",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.13.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.13.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.14.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.15.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.15.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.0.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.0.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "6.1.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "6.1.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-11706",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-11706"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2019-3397",
        "datePublished": "2019-06-03T13:44:05.862Z",
        "dateReserved": "2018-12-19T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:47:59.258Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5225 (GCVE-0-2018-5225)

    Vulnerability from cvelistv5 – Published: 2018-03-22 13:00 – Updated: 2024-09-16 18:49
    VLAI
    Summary
    In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Server Affected: 4.13.0 , < unspecified (custom)
    Affected: unspecified , < 5.4.8 (custom)
    Affected: 5.5.0 , < unspecified (custom)
    Affected: unspecified , < 5.5.8 (custom)
    Affected: 5.6.0 , < unspecified (custom)
    Affected: unspecified , < 5.6.5 (custom)
    Affected: 5.7.0 , < unspecified (custom)
    Affected: unspecified , < 5.7.3 (custom)
    Affected: 5.8.0 , < unspecified (custom)
    Affected: unspecified , < 5.8.2 (custom)
    Date Public
    2018-03-22 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:42.723Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-10684"
              },
              {
                "name": "103488",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103488"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/x/3WNsO"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "4.13.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.4.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.5.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.6.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.7.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.8.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.8.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-03-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-26T20:57:01.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-10684"
            },
            {
              "name": "103488",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103488"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://confluence.atlassian.com/x/3WNsO"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2018-03-22T10:00:00",
              "ID": "CVE-2018-5225",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Server",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "4.13.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.4.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.5.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.5.8"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.6.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.6.5"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.7.3"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.8.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "5.8.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5 (the fixed version for 5.6.x), 5.7.0 before 5.7.3 (the fixed version for 5.7.x), and 5.8.0 before 5.8.2 (the fixed version for 5.8.x), allows authenticated users to gain remote code execution using the in browser editing feature via editing a symbolic link within a repository."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-10684",
                  "refsource": "CONFIRM",
                  "url": "https://jira.atlassian.com/browse/BSERV-10684"
                },
                {
                  "name": "103488",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103488"
                },
                {
                  "name": "https://confluence.atlassian.com/x/3WNsO",
                  "refsource": "CONFIRM",
                  "url": "https://confluence.atlassian.com/x/3WNsO"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2018-5225",
        "datePublished": "2018-03-22T13:00:00.000Z",
        "dateReserved": "2018-01-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:49:04.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }