Bitbucket Data Center is the on-premises Git repository management solution for larger enterprises that require high availability and performance at scale. It uses a cluster of Bitbucket server nodes and is designed in your own data center. A vulnerability was found in the Data Center's migration tool. If a maliciously crafted archive is placed on the Bitbucket server, a remote user with administrative permissions could import it for data migration, allowing extracted files to be written to arbitrary locations, and result in remote code execution. Please note that this vulnerability is treated as local and not remote, this is because Bitbucket does not allow archives to be uploaded remotely.

Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool.