Bitbucket Server comes with jQuery version 2.2.4. This version of jQuery is vulnerable to a security bug (CVE-2019-11358, [https://nvd.nist.gov/vuln/detail/CVE-2019-11358]) which is only fixed in jQuery 3.4.0.

Affected configurations

Vulners

Node

atlassianbitbucket_data_centerRange≤5.16.4

atlassianbitbucket_data_centerRange≤6.0.4

atlassianbitbucket_data_centerRange≤6.1.3

atlassianbitbucket_data_centerRange≤6.2.1

atlassianbitbucket_data_centerRange<5.16.5

atlassianbitbucket_data_centerRange<6.0.5

atlassianbitbucket_data_centerRange<6.1.4

atlassianbitbucket_data_centerRange<6.2.1

VendorProductVersionCPE
atlassianbitbucket_data_center*cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
atlassian	bitbucket_data_center	*	cpe:2.3:a:atlassian:bitbucket_data_center::::::::

debian 6

nessus 48

fedora 9

checkpoint_advisories 1

ibm 35

amazon 1

osv 12

atlassian 8

rubygems 1

redhat 10

debiancve 1

hackerone 1

friendsofphp 1

openvas 26

cvelist 1

joomla 1

ubuntucve 1

drupal 1

cbl_mariner 1

veracode 1

alpinelinux 1

nvd 2

githubexploit 4

github 2

redhatcve 1

cve 2

typo3 1

prion 1

symantec 1

f5 1

freebsd 2

oraclelinux 3

attackerkb 1

archlinux 1

cnvd 1

rocky 2

altlinux 2

suse 2

centos 1

almalinux 1

mageia 1

debian

[SECURITY] [DSA 4434-1] drupal7 security update

2019-04-20 12:03:09

[SECURITY] [DSA 4434-1] drupal7 security update

2019-04-20 12:03:09

[SECURITY] [DLA 2118-1] otrs2 security update

2020-02-24 17:03:32

nessus

RHEL 7 : python-XStatic-jQuery (RHSA-2020:5581)

2020-12-18 00:00:00

Oracle Enterprise Manager Ops Center UI or Other Patch (Oct 2019 CPU)

2023-01-12 00:00:00

Fedora 28 : drupal7 (2019-f563e66380)

2019-05-09 00:00:00

fedora

[SECURITY] Fedora 30 Update: drupal7-7.66-1.fc30

2019-05-09 01:34:20

[SECURITY] Fedora 30 Update: drupal7-7.69-1.fc30

2020-01-04 22:16:18

[SECURITY] Fedora 30 Update: drupal7-7.67-1.fc30

2019-05-25 01:06:23

checkpoint_advisories

jQuery Prototype Pollution Object Cross-Site Scripting (CVE-2019-11358)

2019-04-29 00:00:00

ibm

Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability

2019-06-05 06:20:01

Security Bulletin: IBM Tivoli Netcool Impact is affected by a jQuery vulnerability (CVE-2019-11358)

2019-12-20 08:47:33

Security Bulletin: Vulnerability in jQuery affects IBM Tririga Application Platform (CVE-2019-11358)

2020-03-31 22:26:03

amazon

Medium: pcs

2023-01-18 00:16:00

osv

CVE-2019-11358

2019-04-20 00:29:00

otrs2 - security update

2020-02-24 00:00:00

jquery - security update

2019-05-06 00:00:00

atlassian

Update jQuery to address CVE-2019-11358

2019-08-01 05:11:29

Address CVE-2019-11358 in the bundled version of jQuery

2019-07-08 22:57:45

jQuery 2.2.4 is vulnerable to prototype pollution

2019-05-13 01:57:29

rubygems

Prototype pollution attack through jQuery $.extend

2019-04-18 21:00:00

redhat

(RHSA-2020:5581) Moderate: python-XStatic-jQuery security update

2020-12-16 12:57:14

(RHSA-2020:1325) Moderate: python-XStatic-jQuery security update

2020-04-06 08:40:52

(RHSA-2019:2587) Moderate: CloudForms 4.7.9 security, bug fix and enhancement update

2019-09-05 05:18:52

debiancve

CVE-2019-11358

2019-04-20 00:29:00

hackerone

Node.js third-party modules: Prototype pollution attack through jQuery $.extend

2018-12-03 15:53:20

friendsofphp

EZSA-2019-005 Bundled jQuery affected by CVE-2019-11358

2019-07-04 12:28:00

openvas

Django jQuery Vulnerability - Linux

2019-06-26 00:00:00

Debian: Security Advisory (DLA-1777-1)

2019-05-07 00:00:00

Django jQuery Vulnerability - Windows

2019-06-26 00:00:00

cvelist

CVE-2019-11358

2019-04-19 00:00:00

joomla

[20190403] - Core - Object.prototype pollution in JQuery $.extend

2019-03-25 00:00:00

ubuntucve

CVE-2019-11358

2019-04-20 00:00:00

drupal

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006

2019-04-17 00:00:00

cbl_mariner

CVE-2019-11358 affecting package python-pygments for versions less than 2.7.4-1

2024-07-24 00:12:29

veracode

Prototype Pollution

2019-04-22 03:41:01

alpinelinux

CVE-2019-11358

2019-04-20 00:29:00

nvd

CVE-2019-11358

2019-04-20 00:29:00

CVE-2019-5428

2019-04-22 21:29:00

githubexploit

Exploit for Prototype Pollution in Jquery

2020-12-01 09:18:58

Exploit for Prototype Pollution in Jquery

2019-07-18 19:15:33

Exploit for Prototype Pollution in Jquery

2021-03-08 11:34:11

github

eZ Platform Bundled jQuery affected by CVE-2019-11358

2024-05-15 21:08:41

XSS in jQuery as used in Drupal, Backdrop CMS, and other products

2019-04-26 16:29:11

redhatcve

CVE-2019-11358

2021-07-18 00:15:31

cve

CVE-2019-11358

2019-04-20 00:29:00

CVE-2019-5428

2019-04-22 21:29:00

typo3

Cross-Site Scripting in jQuery before 3.4.0

2019-05-07 00:00:00

prion

Design/Logic Flaw

2019-04-20 00:29:00

symantec

JQuery CVE-2019-11358 Cross Site Scripting Vulnerability

2019-04-17 00:00:00

K20455158 : jQuery vulnerability CVE-2019-11358

2020-04-14 00:00:00

freebsd

Django -- AdminURLFieldWidget XSS

2019-06-03 00:00:00

mediawiki -- multiple vulnerabilities

2019-04-23 00:00:00

oraclelinux

pcs security update

2022-11-03 00:00:00

ipa security, bug fix, and enhancement update

2020-10-06 00:00:00

idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-10 00:00:00

attackerkb

CVE-2019-11358

2019-04-20 00:00:00

archlinux

[ASA-201906-2] python-django: cross-site scripting

2019-06-04 00:00:00

cnvd

Silverstripe framework cross-site scripting vulnerability

2022-11-23 00:00:00

rocky

pcs security, bug fix, and enhancement update

2021-11-09 08:21:49

idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

altlinux

Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1

2020-10-21 00:00:00

Security fix for the ALT Linux 9 package mediawiki version 1.32.2-alt1

2019-06-13 00:00:00

suse

Security update for python-Django (moderate)

2019-08-08 00:00:00

Security update for python-Django (moderate)

2019-08-14 00:00:00

centos

ipa, python2 security update

2020-10-20 18:15:27

almalinux

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

mageia

Updated mediawiki packages fix security vulnerabilities

2019-09-15 17:45:31

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.024

Percentile

90.2%

JSON

Related for BSERV-11753

debian6 nessus48 fedora9 checkpoint_advisories1 ibm35 amazon1 osv12 atlassian8 rubygems1 redhat10 debiancve1 hackerone1 friendsofphp1 openvas26 cvelist1 joomla1 ubuntucve1 drupal1 cbl_mariner1 veracode1 alpinelinux1 nvd2 githubexploit4 github2 redhatcve1 cve2 typo31 prion1 symantec1 f51 freebsd2 oraclelinux3 attackerkb1 archlinux1 cnvd1 rocky2 altlinux2 suse2 centos1 almalinux1 mageia1