CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content.

Product Status

Learn more

Versions 22 Total

Default Status: unknown

affected

Versions 22 Total

Default Status: unknown

affected

References 1 Total

https://jira.atlassian.com/browse/BSERV-12099
external site

Updated: 2024-08-05

This container includes required additional information provided by the CVE Program for this vulnerability.

References 1 Total

https://jira.atlassian.com/browse/BSERV-12099
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Atlassian

Description

Product Status

References 1 Total

CVE Program

References 1 Total