Atlassian Bitbucket Server 4.x < 4.10.0 Unauthorized Access
Low Nessus Network Monitor Plugin ID 9886
SynopsisThe remote Bitbucket server is affected by an unauthorized access attack vector.
DescriptionVersions of Bitbucket 4.x, prior to 4.10.0 contain a flaw that is triggered when handling SSH keys, which can allow access to repositories even though a user has been deleted. This may allow a remote attacker to gain unauthorized access to sensitive information.
SolutionUpgrade to Bitbucket version 4.10.0 or later.