CVE-2024-21684

CWE-601 — Open Redirect3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.7%

top 28.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Atlassian Bitbucket Data Center

Timeline

PublishedJul 24

Description

There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDatlassian/bitbucket_data_center8.0.0 — 8.9.13+1

▶CVEListV5atlassian/bitbucket_data_center11 versions+10

🔴Vulnerability Details

CVEList

CVE-2024-21684: There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center↗2024-07-24

▶

GHSA

GHSA-gg9v-4hff-mc2m: There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center↗2024-07-24

▶