module
Bitbucket Environment Variable RCE
| Disclosed |
|---|
| Nov 16, 2022 |
Disclosed
Nov 16, 2022
Description
For various versions of Bitbucket, there is an authenticated command injection
vulnerability that can be exploited by injecting environment
variables into a user name. This module achieves remote code execution
as the `atlbitbucket` user by injecting the `GIT_EXTERNAL_DIFF` environment
variable, a null character as a delimiter, and arbitrary code into a user's
user name. The value (payload) of the `GIT_EXTERNAL_DIFF` environment variable
will be run once the Bitbucket application is coerced into generating a diff.
This module requires at least admin credentials, as admins and above
only have the option to change their user name.
vulnerability that can be exploited by injecting environment
variables into a user name. This module achieves remote code execution
as the `atlbitbucket` user by injecting the `GIT_EXTERNAL_DIFF` environment
variable, a null character as a delimiter, and arbitrary code into a user's
user name. The value (payload) of the `GIT_EXTERNAL_DIFF` environment variable
will be run once the Bitbucket application is coerced into generating a diff.
This module requires at least admin credentials, as admins and above
only have the option to change their user name.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.