June 6, 2023

Atlassian fixed a critical flaw in Bitbucket Server and Data Center, tracked as CVE-2022-36804 with a CVSS score 9.9, that could be explored to execute malicious code on vulnerable installs

The flaw is a command injection vulnerability that can be exploited via specially crafted HTTP requests.

Advertisements

Affected Versions

  • Bitbucket Server and Datacenter 7.6
  • Bitbucket Server and Datacenter 7.17
  • Bitbucket Server and Datacenter 7.21
  • Bitbucket Server and Datacenter 8.0
  • Bitbucket Server and Datacenter 8.1
  • Bitbucket Server and Datacenter 8.2,
  • Bitbucket Server and Datacenter 8.3

Domains hosted by Atlassian are not affected by this issue.

If you’re unable to upgrade Bitbucket, a temporary mitigation step :

Atlassian is recommending turning off public repositories using “feature.public.access=false” to prevent unauthorized users from exploiting the flaw.

Tags:

1 thought on “Atlassian Patches Bitbucket Critical Vulnerability

  1. Pingback: Atlassian Bitbucket flaw added to Known Exploited Catalog - TheCyberThrone

Leave a Reply

You may have missed

Google Fixes Third Chrome Zeroday

Google Fixes Third Chrome Zeroday

June 6, 2023
Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

June 4, 2023
%d bloggers like this: