Vulnerability in Atlassian Bitbucket Data Center
CVE-2019-15000
The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 bef…
EPSS: 0.110 (93.6th percentile)
Affected products
- Atlassian Bitbucket Data Center — versions unspecified, 6.0.0, unspecified
- Atlassian Bitbucket Server — versions unspecified, 6.0.0, unspecified
Public proof-of-concept exploits
References
- jira.atlassian.com/browse/BSERV-11947 (x_refsource_MISC)
- 20190925 Bitbucket Server security advisory 2019-09-18 (mailing-list, x_refsource_BUGTRAQ)
- packetstormsecurity.com/files/154610/Bitbucket-Server-Data-Center-Argument-Inje… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-15000?
- CVE-2019-15000 is a vulnerability in Atlassian Bitbucket Data Center. Published 2019-09-19.
- Is CVE-2019-15000 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.