CVE-2020-14171

CWE-319 — Cleartext Transmission3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 45.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Bitbucket Server Atlassian Bitbucket

Timeline

PublishedJul 9

Latest updateMay 24

Description

Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 allows remote attackers to intercept unencrypted repository import requests via a Man-in-the-Middle (MITM) attack.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 2.2 | Impact: 4.2

Affected Packages2 packages

▶CVEListV5atlassian/bitbucket_server4.9.0 — unspecified+1

▶NVDatlassian/bitbucket4.9.0 — 7.2.4

🔴Vulnerability Details

GHSA

GHSA-83rh-f8p6-mcrp: Atlassian Bitbucket Server from version 4↗2022-05-24

▶

CVEList

CVE-2020-14171: Atlassian Bitbucket Server from version 4↗2020-07-09

▶