Multiple API endpoints in Atlassian Bitbucket Server and Data Center (from version 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before version 8.3.1) allow remote attackers with read permission to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
Vulnerable Product |
---|
atlassian bitbucket 8.3.0 |
atlassian bitbucket |
Some days, security just feels like a total illusion. OK, most days...
A recently disclosed critical vulnerability in Atlassian's Bitbucket is actively being exploited, according to the US government. The Cybersecurity and Infrastructure Security Agency (CISA) late on Friday placed the flaw – tracked as CVE-2022-36804 – on its catalog of Known Exploited Vulnerabilities (KEV), effectively a must-patch list. GreyNoise, a company that tracks and analyzes internet traffic, said it found evidence the security hole was being exploited in the wild. CISA put the vulner...
Grab and deploy this backend update if you offer even repo read access
A critical command-injection vulnerability in multiple API endpoints of Atlassian Bitbucket Server and Data Center could allow an unauthorized attacker to remotely execute malware, and view, change, and even delete data stored in repositories. Atlassian has fixed the security holes, which are present in versions 7.0.0 to 8.3.0 of the software, inclusive. Luckily there are no known exploits in the wild. But considering the vulnerability, tracked as CVE-2022-36804, received a 9.9 out of 10 C...