CVE-2019-15010

CWE-77Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
2.1%
top 16.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Atlassian Bitbucket Data CenterAtlassian Bitbucket ServerAtlassian Bitbucket
Timeline
PublishedJan 15
Latest updateMay 24

Description

Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user inp

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5atlassian/bitbucket_data_center3.0unspecified+21
CVEListV5atlassian/bitbucket_server3.0unspecified+21
NVDatlassian/bitbucket3.0.05.6.11+10

🔴Vulnerability Details

2
GHSA
GHSA-m5v4-45rr-7w82: Bitbucket Server and Bitbucket Data Center versions starting from version 32022-05-24
CVEList
CVE-2019-15010: Bitbucket Server and Bitbucket Data Center versions starting from version 32020-01-15