Bitbucket Server & Data Center - Remote Code Execution (CVE-2022-36804)
- CVSSv3 Score
- Vulnerability description
Bitbucket Server is affected by a remote code execution vulnerability located in multiple API endpoints. The root cause is missing input sanitization: attackers are able to add extra arguments in the request URI by using
- Risk description
A remote unauthenticated attacker with access to a public repository, or an authenticated attacker with read permission on a private repository, could exploit this vulnerability to execute arbitrary code on the vulnerable Bitbucket server by sending maliciously crafted HTTP requests.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
- Recommendation
Upgrade Bitbucket Server or Data Center to version 8.3.1 or later, or to any other fixed version listed in the Atlassian advisory, to remove the vulnerability.
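As an added example (not code from the original advisory or from Atlassian), the script below decides whether a reported Bitbucket version still needs the upgrade described above. It parses the JSON returned by Bitbucket's `/rest/api/1.0/application-properties` endpoint (normally reachable without authentication) and compares the version against the per-branch fixed releases. The 8.3.1 threshold is the one this page names; the other branch fixes are taken from Atlassian's advisory for CVE-2022-36804 and should be re-checked against it before the table is relied on. The sample JSON is constructed for the example.

```python
"""Remediation check for CVE-2022-36804: is this Bitbucket version fixed?

Added example. Reads the version string Bitbucket exposes at
GET /rest/api/1.0/application-properties and compares it with the
fixed releases per branch.
"""
import json
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Minimum fixed release on each affected branch. 8.3.1 is the version this
# page names; the remaining entries are taken from Atlassian's advisory for
# CVE-2022-36804 (assumption: verify against the advisory before relying on it).
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (7, 6): (7, 6, 17),
    (7, 17): (7, 17, 10),
    (7, 21): (7, 21, 4),
    (8, 0): (8, 0, 3),
    (8, 1): (8, 1, 3),
    (8, 2): (8, 2, 2),
    (8, 3): (8, 3, 1),
}
LATEST_FIXED_BRANCH = (8, 3)   # every branch released after 8.3 ships fixed
FIRST_AFFECTED: Version = (7, 0, 0)  # 7.0.0 and newer are in scope per the advisory


def parse_version(text: str) -> Version:
    """Turn '8.3.1' (or '8.3', or '8.3.1-something') into a comparable tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def assess(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'not affected' for a version string."""
    v = parse_version(version)
    branch = (v[0], v[1])
    if branch > LATEST_FIXED_BRANCH:
        return "patched"              # 8.4 and later were released with the fix
    if v < FIRST_AFFECTED:
        return "not affected"         # pre-7.0 releases are outside the affected range
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        # Branch inside the affected range that never received a fix release:
        # the only remediation is moving to one of the fixed branches.
        return "vulnerable"
    return "patched" if v >= fixed else "vulnerable"


def assess_application_properties(body: str) -> Dict[str, str]:
    """Evaluate the JSON body of /rest/api/1.0/application-properties."""
    props = json.loads(body)
    version = props["version"]
    return {"version": version, "status": assess(version)}


if __name__ == "__main__":
    # Constructed sample response; a live check would fetch the same endpoint with
    # e.g. `curl -s https://bitbucket.example/rest/api/1.0/application-properties`.
    sample = '{"version":"8.3.0","buildNumber":"8003000","displayName":"Bitbucket"}'
    print(assess_application_properties(sample))
```

The check is deliberately conservative: a version on a branch that lies in the affected range but has no fixed release (for example a 7.20.x build) is reported as vulnerable, because the only remediation for it is an upgrade to a fixed branch.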
- Not available