Atlassian Patches Bitbucket Critical Vulnerability

June 6, 2023

Atlassian fixed a critical flaw in Bitbucket Server and Data Center, tracked as CVE-2022-36804 (CVSS score 9.9), that could be exploited to execute malicious code on vulnerable installs.

The flaw is a command injection vulnerability that can be exploited via specially crafted HTTP requests.


Affected Versions

  • Bitbucket Server and Data Center 7.6
  • Bitbucket Server and Data Center 7.17
  • Bitbucket Server and Data Center 7.21
  • Bitbucket Server and Data Center 8.0
  • Bitbucket Server and Data Center 8.1
  • Bitbucket Server and Data Center 8.2
  • Bitbucket Server and Data Center 8.3

Domains hosted by Atlassian are not affected by this issue.

If you are unable to upgrade Bitbucket, there is a temporary mitigation step:

Atlassian recommends turning off public repositories by setting “feature.public.access=false”, which prevents unauthorized users from exploiting the flaw.
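As an added example (not from the original post or from Atlassian), the following Python script checks whether the interim mitigation above is actually in effect and whether an instance sits on one of the listed release lines. It assumes the setting lives in a Java-style properties file (Bitbucket's bitbucket.properties, which the post does not name) and uses a constructed sample file; note that a commented-out `feature.public.access=false` line is a common audit false positive and is handled here.

```python
"""Audit a bitbucket.properties fragment for the CVE-2022-36804 interim
mitigation (feature.public.access=false) and match a version string
against the affected release lines named in the post."""
import re

# Release lines listed as affected in the post above.
AFFECTED_LINES = {"7.6", "7.17", "7.21", "8.0", "8.1", "8.2", "8.3"}
MITIGATION_KEY = "feature.public.access"

# Constructed sample properties file (not from the post): the mitigation
# appears only as a commented-out line, so it is NOT applied.
SAMPLE_PROPERTIES = """\
# Bitbucket configuration
server.port = 7990
#feature.public.access=false
feature.public.access = true
"""

def parse_properties(text):
    """Parse Java .properties-style text into a dict. Skips '#'/'!'
    comment lines, accepts '=' or ':' separators with optional
    whitespace; the last occurrence of a key wins, as in Java."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def public_access_disabled(text):
    """True only if feature.public.access is explicitly set to false;
    an absent key is reported as not mitigated (no default assumed)."""
    value = parse_properties(text).get(MITIGATION_KEY)
    return value is not None and value.lower() == "false"

def is_affected_line(version):
    """'7.21.3' -> '7.21'. A match means the patch level must still be
    compared with Atlassian's fixed versions; it is not proof of exposure."""
    return ".".join(version.split(".")[:2]) in AFFECTED_LINES

def audit(version, properties_text):
    """Summarise release-line match and mitigation state for one instance."""
    return {"version": version,
            "affected_release_line": is_affected_line(version),
            "mitigation_applied": public_access_disabled(properties_text)}

if __name__ == "__main__":
    print(audit("8.3.0", SAMPLE_PROPERTIES))
```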
