CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.
Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary code execution on susceptible installations by sending a specially crafted HTTP request.
Successful exploitation banks on the prerequisite that the attacker already has access to a public repository or possesses read permissions to a private Bitbucket repository.
"All versions of Bitbucket Server and Datacenter released after 6.10.17 including 7.0.0 and newer are affected, this means that all instances that are running any versions between 7.0.0 and 8.3.0 inclusive are affected by this vulnerability," Atlassian noted in a late August 2022 advisory.
CISA did not provide further details about how the flaw is being exploited or how widespread exploitation efforts are, but GreyNoise said it detected evidence of in-the-wild exploitation on September 20 and 23.
As countermeasures, all Federal Civilian Executive Branch agencies are required to remediate the vulnerabilities by October 21, 2022 to protect networks against active threats.
News URL
https://thehackernews.com/2022/10/cisa-warns-of-hackers-exploiting.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-25 | CVE-2022-36804 | Unspecified vulnerability in Atlassian Bitbucket Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. | 8.8 |
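
The affected ranges in the row above can be turned into an inventory check. The following is an added example, not code from Atlassian, CISA or the original article; the host names and inventory are constructed sample values, and a result of "not in listed ranges" only means the version falls outside the ranges given in this table.

```python
import re

# Affected ranges copied from the CVE-2022-36804 table row above:
# (first affected version, first fixed version); affected if first <= v < fixed.
AFFECTED_RANGES = [
    ("7.0.0", "7.6.17"),
    ("7.7.0", "7.17.10"),
    ("7.18.0", "7.21.4"),
    ("8.0.0", "8.0.3"),
    ("8.1.0", "8.1.3"),
    ("8.2.0", "8.2.2"),
    ("8.3.0", "8.3.1"),
]

def parse_version(text):
    """Turn '7.17.9' into (7, 17, 9); reject anything that is not x.y.z."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def check_version(text):
    """Return (affected, fixed_in); fixed_in is the fixed release of the matching range."""
    v = parse_version(text)
    for first, fixed in AFFECTED_RANGES:
        # Tuple comparison is numeric, so 7.17.9 sorts before 7.17.10.
        if parse_version(first) <= v < parse_version(fixed):
            return True, fixed
    return False, None

def triage(inventory):
    """Map host -> status for an iterable of (host, version) pairs."""
    report = {}
    for host, version in inventory:
        try:
            affected, fixed = check_version(version)
        except ValueError:
            report[host] = "unknown version, check manually"
            continue
        report[host] = f"AFFECTED, fixed in {fixed}" if affected else "not in listed ranges"
    return report

if __name__ == "__main__":
    # Constructed inventory; host names and versions are sample values.
    sample = [("bb-prod", "7.17.9"), ("bb-dev", "8.3.1"), ("bb-lab", "7.6.17"), ("bb-old", "8.3")]
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```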