March 27, 2023

Atlassian has patched critical vulnerabilities in its Crowd and Bitbucket products.

In the Bitbucket source code repository hosting service, Atlassian fixed CVE-2022-43781, a critical command injection vulnerability that affects Bitbucket Server and Data Center version 7 and, in some cases, version 8.

Updates that patch the flaw have been released for both BitBucket 7 and 8. Atlassian Cloud sites are not affected.

In the Crowd, an application security framework that handles authentication and authorization for web-based applications, Atlassian fixed CVE-2022-43782, a critical security misconfiguration issue affecting all versions starting with 3.0.0.

Advertisements

Summarizing, all new installations running any of the following versions are impacted:

  • Crowd 3.0.0 – Crowd 3.7.2
  • Crowd 4.0.0 – Crowd 4.4.3
  • Crowd 5.0.0 – Crowd 5.0.2

Atlassian will not patch the vulnerability in version 3.0.0 of the product because it reached the end of life.

This flaw has been rated critical, it can only be exploited by IPs in the Crowd application’s allowlist in the Remote Addresses configuration. It only impacts new installations users who have updated their installation from a version prior to 3.0.0 are not affected.

There does not appear to be any evidence of malicious exploitation.

Tags:

Leave a Reply

You may have missed

Okta Credentials Exposed via Post Exploitation Attack

Okta Credentials Exposed via Post Exploitation Attack

March 27, 2023
Dark Power Ransomware Dissection

Dark Power Ransomware Dissection

March 26, 2023
CatB Ransomware Dissection

CatB Ransomware Dissection

March 26, 2023
Microsoft Patches Acropalypse Vulnerability

Microsoft Patches Acropalypse Vulnerability

March 26, 2023
TheCyberThrone Security Week In Review – March 25th, 2023

TheCyberThrone Security Week In Review – March 25th, 2023

March 26, 2023
ChatGPT for Google- Harvest Facebook Accounts

ChatGPT for Google- Harvest Facebook Accounts

March 26, 2023
%d bloggers like this: