QID 520015
Date Published: 2024-04-01
QID 520015: Atlassian Bitbucket Denial of Service Vulnerability (CVE-2024-21634)
Bitbucket is a Git-based source code repository hosting service owned by Atlassian.
A vulnerability in the software.amazon.ion:ion-java dependency was introduced in Bitbucket Data Center and Server.
This vulnerability allows an unauthenticated attacker to expose assets in your environment that are susceptible to exploitation. It has no impact on confidentiality, no impact on integrity, high impact on availability, and requires no user interaction.
Affected versions:
- Atlassian Bitbucket Server and Data Center version from 7.21.0 to 7.21.21
- Atlassian Bitbucket Server and Data Center version from 8.0.0 to 8.8.7
- Atlassian Bitbucket Server and Data Center version from 8.9.0 to 8.9.9
- Atlassian Bitbucket Server and Data Center version from 8.10.0 to 8.10.6
- Atlassian Bitbucket Server and Data Center version from 8.11.0 to 8.11.6
- Atlassian Bitbucket Server and Data Center version from 8.12.0 to 8.12.6
- Atlassian Bitbucket Server and Data Center version from 8.13.0 to 8.13.5
- Atlassian Bitbucket Server and Data Center version from 8.14.0 to 8.14.4
- Atlassian Bitbucket Server and Data Center version from 8.15.0 to 8.15.3
- Atlassian Bitbucket Server and Data Center version from 8.16.0 to 8.16.2
- Atlassian Bitbucket Server and Data Center version from 8.17.0 to 8.17.1
- Atlassian Bitbucket Server and Data Center version 8.18.0
QID Detection Logic (Unauthenticated):
It checks for a vulnerable version of Atlassian Bitbucket Server.
Successful exploitation of the vulnerability can allow an attacker to trigger a Denial of Service attack.
- BSERV-19291 - jira.atlassian.com/browse/BSERV-19291
CVEs related to QID 520015
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| BSERV-19291 | | | |