CVE-2018-25332: GitBucket 4.23.1 allows attackers to execute arbitrary system commands
CVE-2018-25332
Summary
GitBucket 4.23.1 allows unauthenticated remote code execution. An attacker who recovers the weakly generated secret token can upload a malicious JAR plugin through the git-lfs endpoint and then execute arbitrary system commands. Update to a patched version to remove this risk.
Original title
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality.
Original description
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.
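The first link in the chain above is a secret whose generation leaves too few possibilities to resist enumeration. The following is an added illustration, not GitBucket's code and not a reproduction of this CVE: it models a hypothetical service whose signing key is derived from a 16-bit seed, shows an attacker recovering that key from a single observed token, forging a new one, and contrasts it with a key drawn from the OS CSPRNG. HMAC-SHA256 stands in for the Blowfish construction the advisory mentions, purely because it is in the Python standard library; the seed space, payload format and function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Hypothetical weak generator: the service seeds its key from a 16-bit value,
# so only 65,536 distinct keys can ever exist. (Constructed for this example.)
SEED_SPACE = 1 << 16


def weak_key_from_seed(seed: int) -> bytes:
    """Weak generation: the key is fully determined by a small integer seed."""
    return hashlib.sha256(seed.to_bytes(4, "big")).digest()


def strong_key() -> bytes:
    """Hardened generation: 256 bits from the OS CSPRNG, no enumerable seed."""
    return secrets.token_bytes(32)


def sign_token(key: bytes, payload: bytes) -> bytes:
    """Token tag = HMAC-SHA256(key, payload); stands in for the Blowfish scheme."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def verify_token(key: bytes, payload: bytes, tag: bytes) -> bool:
    """Server-side check, constant-time comparison."""
    return hmac.compare_digest(sign_token(key, payload), tag)


def brute_force_seed(payload: bytes, tag: bytes):
    """Attacker view: knows one (payload, tag) pair, e.g. from their own session,
    and enumerates the whole seed space until a candidate key reproduces the tag."""
    for seed in range(SEED_SPACE):
        candidate = sign_token(weak_key_from_seed(seed), payload)
        if hmac.compare_digest(candidate, tag):
            return seed
    return None


def forge_after_recovery(recovered_seed: int, new_payload: bytes) -> bytes:
    """With the seed known, the attacker signs any payload they like."""
    return sign_token(weak_key_from_seed(recovered_seed), new_payload)


def demo_weak_scheme():
    """Returns (recovered_seed, forged_token_accepted) for the weak scheme."""
    secret_seed = 48879                      # chosen by the service, unknown to attacker
    server_key = weak_key_from_seed(secret_seed)
    observed_payload = b"user=alice"         # attacker's own, low-privilege token
    observed_tag = sign_token(server_key, observed_payload)

    recovered = brute_force_seed(observed_payload, observed_tag)
    forged = forge_after_recovery(recovered, b"user=admin")
    accepted = verify_token(server_key, b"user=admin", forged)
    return recovered, accepted


def demo_strong_scheme() -> bool:
    """The CSPRNG key is not in the enumerable seed space, so the same search fails."""
    server_key = strong_key()
    tag = sign_token(server_key, b"user=alice")
    return brute_force_seed(b"user=alice", tag) is None


if __name__ == "__main__":
    seed, ok = demo_weak_scheme()
    print(f"weak scheme: recovered seed {seed}, forged admin token accepted: {ok}")
    print(f"strong scheme: brute force over seed space failed: {demo_strong_scheme()}")
```

The search over 65,536 candidates finishes in well under a second on commodity hardware, which is the practical meaning of "weak secret token generation": the key's entropy is bounded by the seed, not by the cipher's key length. The fix is not a stronger cipher but a key that is sampled from a cryptographically secure source with at least 128 bits of entropy and never derived from a predictable value.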
NVD CVSS 3.1: 9.8
NVD CVSS 4.0: 9.3
Vulnerability type: CWE-306 (Missing Authentication for Critical Function)
Published: 17 May 2026 · Updated: 28 May 2026 · First seen: 17 May 2026