
Atlassian Bitbucket - Remote Command Injection CVE-2022-36804

CVSSv3 Score
Vulnerability description

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, making it possible to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are from 7.0.0 before 7.6.17, from 7.7.0 before 7.17.10, from 7.18.0 before 7.21.4, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.2, and from 8.3.0 before 8.3.1.



Apply the latest security patches provided by Atlassian to mitigate the vulnerability.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Aug 25, 2022
Detection added at
Software Type
Not available
Not available
Not available