PT-2024-19015 · Atlassian · Bitbucket
Taha Yildirim · Published 2024-07-24 · Updated 2025-07-30 · CVE-2024-21684
CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Bitbucket Data Center versions 8.0.0 through 8.9.12
Bitbucket Data Center versions 8.19.0 through 8.19.1
Description
The issue is an open redirect vulnerability that allows an unauthenticated attacker to redirect a victim, upon login to Bitbucket Data Center, to an arbitrary site. The redirect can be used as a step in further exploitation. The impact on confidentiality is low, there is no impact on integrity or availability, and exploitation requires user interaction.
Recommendations
For Bitbucket Data Center versions 8.0.0 through 8.9.12, upgrade to version 8.9.13 or later.
For Bitbucket Data Center versions 8.19.0 through 8.19.1, upgrade to version 8.19.2 or later.
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Bitbucket