
Description

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.

PUBLISHED Reserved 2026-05-17 | Published 2026-05-17 | Updated 2026-05-18 | Assigner VulnCheck

CRITICAL: 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Missing Authentication for Critical Function

Product status

4.23.1
affected

Credits

Kacper Szurek (finder)

References

www.exploit-db.com/exploits/44668 (ExploitDB-44668) exploit

security.szurek.pl/ (Official Product Homepage) product

github.com/gitbucket/gitbucket (Product Reference) product

www.vulncheck.com/...t-unauthenticated-remote-code-execution (VulnCheck Advisory: GitBucket 4.23.1 Unauthenticated Remote Code Execution) third-party-advisory

cve.org (CVE-2018-25332)

nvd.nist.gov (CVE-2018-25332)
