Security News > 2022 > August > Atlassian Bitbucket Server vulnerable to critical RCE vulnerability

Atlassian Bitbucket Server vulnerable to critical RCE vulnerability
2022-08-26 16:40

Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that attackers could leverage to execute arbitrary code on vulnerable instances.

"An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request," explains Atlassian's advisory.

The vulnerability impacts all Bitbucket Server and Data Center versions after 6.10.17, including 7.0.0 and up to 8.3.0.

Atlassian notes that those accessing Bitbucket via bitbucket.org domains aren't impacted by the critical RCE, as the vendor hosts those instances.

The security researcher who discovered CVE-2022-36804 back in July 2022, Max Garrett, reported it to Atlassian via the firm's bug bounty program on Bugcrowd and received $6,000 for his finding.

That said, Bitbucket Server and Data Center users are advised to apply the available security update or mitigations as soon as possible.


News URL

https://www.bleepingcomputer.com/news/security/atlassian-bitbucket-server-vulnerable-to-critical-rce-vulnerability/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-08-25 CVE-2022-36804 Unspecified vulnerability in Atlassian Bitbucket
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.
network
low complexity
atlassian
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 56 275 59 36 426