The security vulnerability discovered in Bitbucket is caused by insecure extraction of a compressed TAR archive, allowing an attacker to traverse directories and execute arbitrary code through Git hooks. The issue was reported in February 2019 and fixed in version 6.1.2 of Bitbucket in April 2019. Multiple attack scenarios exist, including exploiting the vulnerability with a Bitbucket Data Center license and targeting users with lower permissions than Admin or System Admin to gain control over the server. It is recommended to update to the latest version of Bitbucket Data Center to mitigate this risk.