vulnerability

Atlassian Bitbucket: Critical severity command injection vulnerability (CVE-2022-36804)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Aug 17, 2022	Sep 20, 2022	Oct 26, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Aug 17, 2022

Added

Sep 20, 2022

Modified

Oct 26, 2022

Description

There is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request.

Solution

atlassian-bitbucket-upgrade-latest

References

CVE-2022-36804
https://attackerkb.com/topics/CVE-2022-36804
URL-https://jira.atlassian.com/browse/BSERV-13438
URL-https://www.rapid7.com/blog/post/2022/09/20/cve-2022-36804-easily-exploitable-vulnerability-in-atlassian-bitbucket-server-and-data-center/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today