    6 vulnerabilities found for bitbucket_data_center by atlassian

    CVE-2024-21684 (GCVE-0-2024-21684)

    Vulnerability from nvd – Published: 2024-07-24 18:00 – Updated: 2024-11-05 19:19
    Summary
    There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the supported fixed versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Open Redirect
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Data Center Affected: 8.19.1
    Affected: 8.9.0 to 8.9.12
    Affected: 8.8.0 to 8.8.7
    Affected: 8.7.0 to 8.7.5
    Affected: 8.6.0 to 8.6.4
    Affected: 8.5.0 to 8.5.4
    Affected: 8.4.0 to 8.4.4
    Affected: 8.3.0 to 8.3.4
    Affected: 8.2.2 to 8.2.4
    Affected: 8.1.3 to 8.1.5
    Affected: 8.0.3 to 8.0.5
    Unaffected: 8.19.2 to 8.19.6
    Unaffected: 8.9.13 to 8.9.17
    Credits
    Taha YILDIRIM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21684",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-24T18:45:18.293627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-601",
                    "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T19:19:43.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:36.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-19454"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.19.1"
                },
                {
                  "status": "affected",
                  "version": "8.9.0 to 8.9.12"
                },
                {
                  "status": "affected",
                  "version": "8.8.0 to 8.8.7"
                },
                {
                  "status": "affected",
                  "version": "8.7.0 to 8.7.5"
                },
                {
                  "status": "affected",
                  "version": "8.6.0 to 8.6.4"
                },
                {
                  "status": "affected",
                  "version": "8.5.0 to 8.5.4"
                },
                {
                  "status": "affected",
                  "version": "8.4.0 to 8.4.4"
                },
                {
                  "status": "affected",
                  "version": "8.3.0 to 8.3.4"
                },
                {
                  "status": "affected",
                  "version": "8.2.2 to 8.2.4"
                },
                {
                  "status": "affected",
                  "version": "8.1.3 to 8.1.5"
                },
                {
                  "status": "affected",
                  "version": "8.0.3 to 8.0.5"
                },
                {
                  "status": "unaffected",
                  "version": "8.19.2 to 8.19.6"
                },
                {
                  "status": "unaffected",
                  "version": "8.9.13 to 8.9.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Taha YILDIRIM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2.\n\nThis open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction.\n\nAtlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the  supported fixed versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "Open Redirect"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-24T18:00:02.553Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://jira.atlassian.com/browse/BSERV-19454"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2024-21684",
        "datePublished": "2024-07-24T18:00:01.656Z",
        "dateReserved": "2024-01-01T00:05:33.846Z",
        "dateUpdated": "2024-11-05T19:19:43.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22513 (GCVE-0-2023-22513)

    Vulnerability from nvd – Published: 2023-09-19 17:00 – Updated: 2025-03-06 15:44
    Summary
    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
    • Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5
    • Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5
    • Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4
    • Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2
    • Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1
    • Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0
    • Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions.
    See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • RCE (Remote Code Execution)
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Data Center Unaffected: < 8.0.0
    Affected: >= 8.0.0
    Affected: >= 8.1.0
    Affected: >= 8.10.0
    Affected: >= 8.11.0
    Affected: >= 8.12.0
    Affected: >= 8.13.0
    Affected: >= 8.2.0
    Affected: >= 8.3.0
    Affected: >= 8.4.0
    Affected: >= 8.5.0
    Affected: >= 8.6.0
    Affected: >= 8.7.0
    Affected: >= 8.8.0
    Affected: >= 8.9.0
    Unaffected: >= 8.10.5
    Unaffected: >= 8.11.4
    Unaffected: >= 8.12.2
    Unaffected: >= 8.13.1
    Unaffected: >= 8.14.0
    Unaffected: >= 8.9.5
    Atlassian Bitbucket Server Unaffected: < 8.0.0
    Affected: >= 8.0.0
    Affected: >= 8.1.0
    Affected: >= 8.10.0
    Affected: >= 8.11.0
    Affected: >= 8.12.0
    Affected: >= 8.13.0
    Affected: >= 8.2.0
    Affected: >= 8.3.0
    Affected: >= 8.4.0
    Affected: >= 8.5.0
    Affected: >= 8.6.0
    Affected: >= 8.7.0
    Affected: >= 8.8.0
    Affected: >= 8.9.0
    Unaffected: >= 8.10.5
    Unaffected: >= 8.11.4
    Unaffected: >= 8.12.2
    Unaffected: >= 8.13.1
    Unaffected: >= 8.14.0
    Unaffected: >= 8.9.5
    Credits
    a private user

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:13:48.688Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-14419"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22513",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-06T15:27:08.376997Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-06T15:44:37.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "\u003c 8.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.10.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.11.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.12.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.13.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.3.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.4.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.5.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.6.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.7.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.9.0"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.10.5"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.11.4"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.12.2"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.13.1"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.14.0"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.9.5"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "\u003c 8.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.10.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.11.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.12.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.13.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.3.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.4.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.5.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.6.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.7.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.9.0"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.10.5"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.11.4"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.12.2"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.13.1"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.14.0"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.9.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "a private user"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version \u003e= 8.0 and \u003c 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "RCE (Remote Code Execution)",
                  "lang": "en",
                  "type": "RCE (Remote Code Execution)"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-19T18:30:00.597Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616"
            },
            {
              "url": "https://jira.atlassian.com/browse/BSERV-14419"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2023-22513",
        "datePublished": "2023-09-19T17:00:00.980Z",
        "dateReserved": "2023-01-01T00:01:22.330Z",
        "dateUpdated": "2025-03-06T15:44:37.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26133 (GCVE-0-2022-26133)

    Vulnerability from nvd – Published: 2022-04-20 18:30 – Updated: 2024-10-03 14:55
    Summary
    SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Deserialization of untrusted data
    • CWE-502 - Deserialization of Untrusted Data
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Data Center Affected: 5.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.6.14 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.6 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.18.4 (custom)
    Affected: 7.19.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.4 (custom)
    Affected: 7.20.0
    atlassian bitbucket_data_center Affected: 5.14.0 , < 7.6.14 (custom)
    Affected: 7.7.0 , < 7.17.6 (custom)
    Affected: 7.18.0 , < 7.18.4 (custom)
    Affected: 7.19.0 , < 7.19.4 (custom)
        cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*
    atlassian bitbucket_data_center Affected: 7.20.0
        cpe:2.3:a:atlassian:bitbucket_data_center:7.20.0:*:*:*:*:*:*:*
    Date Public
    2022-03-24 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.656Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13173"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.14",
                    "status": "affected",
                    "version": "5.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.6",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.18.4",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.4",
                    "status": "affected",
                    "version": "7.19.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket_data_center:7.20.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.20.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T14:41:09.024921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T14:55:36.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.14",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.18.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.20.0"
                }
              ]
            }
          ],
          "datePublic": "2022-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Deserialization of untrusted data",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-20T18:30:19.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13173"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-24T23:00:00",
              "ID": "CVE-2022-26133",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.14"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.18.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.19.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.20.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Deserialization of untrusted data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13173",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13173"
                },
                {
                  "name": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html",
                  "refsource": "MISC",
                  "url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26133",
        "datePublished": "2022-04-20T18:30:19.225Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T14:55:36.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-21684 (GCVE-0-2024-21684)

    Vulnerability from cvelistv5 – Published: 2024-07-24 18:00 – Updated: 2024-11-05 19:19
    Summary
    There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the supported fixed versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Open Redirect
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Data Center Affected: 8.19.1
    Affected: 8.9.0 to 8.9.12
    Affected: 8.8.0 to 8.8.7
    Affected: 8.7.0 to 8.7.5
    Affected: 8.6.0 to 8.6.4
    Affected: 8.5.0 to 8.5.4
    Affected: 8.4.0 to 8.4.4
    Affected: 8.3.0 to 8.3.4
    Affected: 8.2.2 to 8.2.4
    Affected: 8.1.3 to 8.1.5
    Affected: 8.0.3 to 8.0.5
    Unaffected: 8.19.2 to 8.19.6
    Unaffected: 8.9.13 to 8.9.17
    Credits
    Taha YILDIRIM

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-21684",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-24T18:45:18.293627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-601",
                    "description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-05T19:19:43.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T22:27:36.150Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-19454"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.19.1"
                },
                {
                  "status": "affected",
                  "version": "8.9.0 to 8.9.12"
                },
                {
                  "status": "affected",
                  "version": "8.8.0 to 8.8.7"
                },
                {
                  "status": "affected",
                  "version": "8.7.0 to 8.7.5"
                },
                {
                  "status": "affected",
                  "version": "8.6.0 to 8.6.4"
                },
                {
                  "status": "affected",
                  "version": "8.5.0 to 8.5.4"
                },
                {
                  "status": "affected",
                  "version": "8.4.0 to 8.4.4"
                },
                {
                  "status": "affected",
                  "version": "8.3.0 to 8.3.4"
                },
                {
                  "status": "affected",
                  "version": "8.2.2 to 8.2.4"
                },
                {
                  "status": "affected",
                  "version": "8.1.3 to 8.1.5"
                },
                {
                  "status": "affected",
                  "version": "8.0.3 to 8.0.5"
                },
                {
                  "status": "unaffected",
                  "version": "8.19.2 to 8.19.6"
                },
                {
                  "status": "unaffected",
                  "version": "8.9.13 to 8.9.17"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Taha YILDIRIM"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2.\n\nThis open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction.\n\nAtlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the  supported fixed versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Open Redirect",
                  "lang": "en",
                  "type": "Open Redirect"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-24T18:00:02.553Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://jira.atlassian.com/browse/BSERV-19454"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2024-21684",
        "datePublished": "2024-07-24T18:00:01.656Z",
        "dateReserved": "2024-01-01T00:05:33.846Z",
        "dateUpdated": "2024-11-05T19:19:43.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-22513 (GCVE-0-2023-22513)

    Vulnerability from cvelistv5 – Published: 2023-09-19 17:00 – Updated: 2025-03-06 15:44
    Summary
    This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • RCE (Remote Code Execution)
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Data Center Unaffected: < 8.0.0
    Affected: >= 8.0.0
    Affected: >= 8.1.0
    Affected: >= 8.10.0
    Affected: >= 8.11.0
    Affected: >= 8.12.0
    Affected: >= 8.13.0
    Affected: >= 8.2.0
    Affected: >= 8.3.0
    Affected: >= 8.4.0
    Affected: >= 8.5.0
    Affected: >= 8.6.0
    Affected: >= 8.7.0
    Affected: >= 8.8.0
    Affected: >= 8.9.0
    Unaffected: >= 8.10.5
    Unaffected: >= 8.11.4
    Unaffected: >= 8.12.2
    Unaffected: >= 8.13.1
    Unaffected: >= 8.14.0
    Unaffected: >= 8.9.5
    Atlassian Bitbucket Server Unaffected: < 8.0.0
    Affected: >= 8.0.0
    Affected: >= 8.1.0
    Affected: >= 8.10.0
    Affected: >= 8.11.0
    Affected: >= 8.12.0
    Affected: >= 8.13.0
    Affected: >= 8.2.0
    Affected: >= 8.3.0
    Affected: >= 8.4.0
    Affected: >= 8.5.0
    Affected: >= 8.6.0
    Affected: >= 8.7.0
    Affected: >= 8.8.0
    Affected: >= 8.9.0
    Unaffected: >= 8.10.5
    Unaffected: >= 8.11.4
    Unaffected: >= 8.12.2
    Unaffected: >= 8.13.1
    Unaffected: >= 8.14.0
    Unaffected: >= 8.9.5
    Credits
    a private user

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:13:48.688Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-14419"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-22513",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-06T15:27:08.376997Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-06T15:44:37.364Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "\u003c 8.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.10.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.11.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.12.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.13.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.3.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.4.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.5.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.6.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.7.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.9.0"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.10.5"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.11.4"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.12.2"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.13.1"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.14.0"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.9.5"
                }
              ]
            },
            {
              "product": "Bitbucket Server",
              "vendor": "Atlassian",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "\u003c 8.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.0.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.1.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.10.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.11.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.12.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.13.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.2.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.3.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.4.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.5.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.6.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.7.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.8.0"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 8.9.0"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.10.5"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.11.4"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.12.2"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.13.1"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.14.0"
                },
                {
                  "status": "unaffected",
                  "version": "\u003e= 8.9.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "a private user"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version \u003e= 8.0 and \u003c 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program"
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "RCE (Remote Code Execution)",
                  "lang": "en",
                  "type": "RCE (Remote Code Execution)"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-19T18:30:00.597Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1283691616"
            },
            {
              "url": "https://jira.atlassian.com/browse/BSERV-14419"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2023-22513",
        "datePublished": "2023-09-19T17:00:00.980Z",
        "dateReserved": "2023-01-01T00:01:22.330Z",
        "dateUpdated": "2025-03-06T15:44:37.364Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-26133 (GCVE-0-2022-26133)

    Vulnerability from cvelistv5 – Published: 2022-04-20 18:30 – Updated: 2024-10-03 14:55
    Summary
    SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Deserialization of untrusted data
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    References
    Impacted products
    Vendor Product Version
    Atlassian Bitbucket Data Center Affected: 5.14.0 , < unspecified (custom)
    Affected: unspecified , < 7.6.14 (custom)
    Affected: 7.7.0 , < unspecified (custom)
    Affected: unspecified , < 7.17.6 (custom)
    Affected: 7.18.0 , < unspecified (custom)
    Affected: unspecified , < 7.18.4 (custom)
    Affected: 7.19.0 , < unspecified (custom)
    Affected: unspecified , < 7.19.4 (custom)
    Affected: 7.20.0
    atlassian bitbucket_data_center Affected: 5.14.0 , < 7.6.14 (custom)
    Affected: 7.7.0 , < 7.17.6 (custom)
    Affected: 7.18.0 , < 7.18.4 (custom)
    Affected: 7.19.0 , < 7.19.4 (custom)
        cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*
    atlassian bitbucket_data_center Affected: 7.20.0
        cpe:2.3:a:atlassian:bitbucket_data_center:7.20.0:*:*:*:*:*:*:*
    Date Public
    2022-03-24 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:56:37.656Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://jira.atlassian.com/browse/BSERV-13173"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "lessThan": "7.6.14",
                    "status": "affected",
                    "version": "5.14.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.17.6",
                    "status": "affected",
                    "version": "7.7.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.18.4",
                    "status": "affected",
                    "version": "7.18.0",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "7.19.4",
                    "status": "affected",
                    "version": "7.19.0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:atlassian:bitbucket_data_center:7.20.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bitbucket_data_center",
                "vendor": "atlassian",
                "versions": [
                  {
                    "status": "affected",
                    "version": "7.20.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-26133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T14:41:09.024921Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-502",
                    "description": "CWE-502 Deserialization of Untrusted Data",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T14:55:36.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Bitbucket Data Center",
              "vendor": "Atlassian",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "5.14.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.6.14",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.7.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.17.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.18.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.18.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "7.19.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "7.19.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "7.20.0"
                }
              ]
            }
          ],
          "datePublic": "2022-03-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Deserialization of untrusted data",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-20T18:30:19.000Z",
            "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
            "shortName": "atlassian"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13173"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@atlassian.com",
              "DATE_PUBLIC": "2022-03-24T23:00:00",
              "ID": "CVE-2022-26133",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Bitbucket Data Center",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "5.14.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.6.14"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.7.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.17.6"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.18.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.18.4"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "7.19.0"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.19.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "7.20.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Atlassian"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Deserialization of untrusted data"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://jira.atlassian.com/browse/BSERV-13173",
                  "refsource": "MISC",
                  "url": "https://jira.atlassian.com/browse/BSERV-13173"
                },
                {
                  "name": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html",
                  "refsource": "MISC",
                  "url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "assignerShortName": "atlassian",
        "cveId": "CVE-2022-26133",
        "datePublished": "2022-04-20T18:30:19.225Z",
        "dateReserved": "2022-02-25T00:00:00.000Z",
        "dateUpdated": "2024-10-03T14:55:36.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }