Known Vulnerabilities for Bitbucket by Atlassian
Listed below are 10 of the newest known vulnerabilities associated with "Bitbucket" by "Atlassian".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-48924 json | Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform... | Not Provided | 2026-05-27 | 2026-05-27 |
| CVE-2026-41574 json | Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAu... | Not Provided | 2026-05-08 | 2026-05-08 |
| CVE-2026-3515 json | A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attac... | Not Provided | 2026-05-24 | 2026-05-26 |
| CVE-2022-43781 json | There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with ... | 9.8 - CRITICAL | 2022-11-17 | 2022-11-18 |
| CVE-2022-36804 json | Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before v... | 8.8 - HIGH | 2022-08-25 | 2023-08-08 |
| CVE-2022-26137 json | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters ... | 8.8 - HIGH | 2022-07-20 | 2022-08-04 |
| CVE-2022-26136 json | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by fi... | 9.8 - CRITICAL | 2022-07-20 | 2022-08-04 |
| CVE-2020-36233 json | The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and f... | 7.8 - HIGH | 2021-02-18 | 2021-02-24 |
| CVE-2020-14171 json | Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repositor... | 6.5 - MEDIUM | 2020-07-09 | 2020-07-15 |
| CVE-2020-14170 json | Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content o... | 4.3 - MEDIUM | 2020-07-09 | 2020-07-15 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Atlassian | Bitbucket | 7.3.1 | |||
| Application | Atlassian | Bitbucket | 7.2.4 | |||
| Application | Atlassian | Bitbucket | 7.1.1 | |||
| Application | Atlassian | Bitbucket | 7.1.0 | |||
| Application | Atlassian | Bitbucket | 7.0.3 | |||
| Application | Atlassian | Bitbucket | 7.0.2 | |||
| Application | Atlassian | Bitbucket | 7.0.0 | |||
| Application | Atlassian | Bitbucket | 6.9.3 | |||
| Application | Atlassian | Bitbucket | 6.9.2 | |||
| Application | Atlassian | Bitbucket | 6.9.1 | |||
| Application | Atlassian | Bitbucket | 6.9.0 | |||
| Application | Atlassian | Bitbucket | 6.8.4 | |||
| Application | Atlassian | Bitbucket | 6.8.3 | |||
| Application | Atlassian | Bitbucket | 6.8.2 | |||
| Application | Atlassian | Bitbucket | 6.8.0 | |||
| Application | Atlassian | Bitbucket | 6.7.5 | |||
| Application | Atlassian | Bitbucket | 6.7.4 | |||
| Application | Atlassian | Bitbucket | 6.7.3 | |||
| Application | Atlassian | Bitbucket | 6.7.2 | |||
| Application | Atlassian | Bitbucket | 6.7.1 |