CVE-2020-8203
This High severity vulnerability known as CVE-2020-8203 was introduced in 4.4.0, 8.19.0, 8.19.1, 8.19.2, 8.19.3, 8.19.4, 8.19.5, 8.19.6, 8.19.7, 8.19.8, 8.19.9, 8.19.10, 8.19.11, 8.19.12, 8.19.13, 8.19.14, 8.19.15 of Bitbucket Data Center and Server. This vulnerability with a CVSS Score of 7.4 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Bitbucket Data Center and Server 8.19: Upgrade to a release greater than or equal to 8.19.25 See the release notes. You can download the latest version of Bitbucket Data Center and Server from the download center.
EPSS 2.55% · 85.8th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Jira Service Management Server | |
| Atlassian | Jira Software Server | |
| Azure | defender | |
| Atlassian | Jira Software Data Center | |
| Atlassian | Bitbucket Server | |
| Azure | storage | |
| Atlassian | Jira Service Management Data Center | |
| Atlassian | Bitbucket Data Center |
Exploit Intelligence
- Prototype pollution attack (lodash) (hackerone)
- Prototype pollution attack (lodash) (hackerone)
- Prototype pollution attack (lodash) (hackerone)
- https://hackerone.com/reports/864701 (osv)
- https://hackerone.com/reports/712065 (canonical)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
…and 23 more exploits
Timeline
- CVE Published
- Apr 27, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 15, 2021 EPSS Score
- Oct 21, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 8, 2022 EPSS Score
- Apr 20, 2022 EPSS Score
- Dec 17, 2024 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 24, 2025 EPSS Score