Bitbucket

Multiple vulnerabilities in Atlassian Bamboo, Bitbucket, Confluence, and Jira allow attackers to execute arbitrary code, bypass security measures, manipulate data, disclose information, or perform cross-site scripting attacks.

Attackers may delete secret scanning rules in Bitbucket to impair defenses and introduce secrets into the code repository undetected, potentially leading to unauthorized access or data breaches.

An attacker modifies Bitbucket global SSH settings to potentially enable unauthorized access and lateral movement.

An attacker may modify the Bitbucket audit log configuration to impair security monitoring and evade detection.

An adversary with administrative privileges may delete global secret scanning rules in Bitbucket to impair defenses and exfiltrate sensitive data without detection.

An adversary may impair defenses by adding a secret scanning allowlist rule for Bitbucket projects, potentially allowing secrets to be committed and exposed.

Detection of Bitbucket user login failures, potentially indicating credential access attempts, initial access attempts, or other malicious activity.