
Atlassian Bitbucket - Remote Command Injection CVE-2022-36804

Severity (CVSSv3 Score): 8.8
Vulnerability description

Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are from 7.0.0 before 7.6.17, from 7.7.0 before 7.17.10, from 7.18.0 before 7.21.4, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.2, and from 8.3.0 before 8.3.1.

Risk description

No risk description to display.

Recommendation

Apply the latest security patches provided by Atlassian to mitigate the vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Aug 25, 2022
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available