Friday, August 26, 2022

Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center


Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations.

Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests.


"An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request," Atlassian said in an advisory.

The shortcoming, discovered and reported by security researcher @TheGrandPew, impacts all versions of Bitbucket Server and Data Center released after 6.10.17, inclusive of 7.0.0 and newer. The affected release lines, each of which has received a fixed build, are:

  • Bitbucket Server and Data Center 7.6
  • Bitbucket Server and Data Center 7.17
  • Bitbucket Server and Data Center 7.21
  • Bitbucket Server and Data Center 8.0
  • Bitbucket Server and Data Center 8.1
  • Bitbucket Server and Data Center 8.2, and
  • Bitbucket Server and Data Center 8.3

As a temporary workaround in scenarios where the patches cannot be applied immediately, Atlassian is recommending turning off public repositories by setting "feature.public.access=false" in bitbucket.properties, which prevents unauthenticated users from reaching the vulnerable endpoints.


"This can not be considered a complete mitigation as an attacker with a user account could still succeed," it cautioned, meaning the flaw could still be leveraged by threat actors who are already in possession of valid credentials obtained through other means.

Users of affected versions of the software are recommended to upgrade their instances to the latest fixed version as soon as possible; the workaround only reduces exposure and should not be treated as a substitute for patching.
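The following triage helper is an added example and is not Atlassian's tooling or code from the article. It encodes the two checks an administrator needs to run across a fleet: whether a given Bitbucket version falls in the affected range described above (7.0.0 and newer, older than the fixed build of its release line), and whether the interim workaround is actually in effect in bitbucket.properties. The per-line fixed builds listed in FIXED_BUILDS are not stated on this page; they are taken from Atlassian's advisory as I recall it and are an assumption to verify against the current advisory before relying on the result. The properties sample is constructed for the example.

```python
"""Triage helper for CVE-2022-36804 in Bitbucket Server / Data Center.

Added example, not Atlassian's code. Two checks:
  1. is_affected()           -- version-range check against per-line fixed builds
  2. public_access_disabled() -- is feature.public.access=false in effect?
"""
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, ...]

# Boundary from the advisory: every release after 6.10.17, i.e. 7.0.0 and newer.
FIRST_AFFECTED: Version = (7, 0, 0)

# First patched build of each release line. ASSUMPTION: recalled from Atlassian's
# advisory for CVE-2022-36804; verify against the current advisory before use.
FIXED_BUILDS = ("7.6.17", "7.17.10", "7.21.4", "8.0.3", "8.1.3", "8.2.2", "8.3.1")

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")
_COMMENT_PREFIXES = ("#", "!")  # java.util.Properties comment markers


def parse_version(text: str) -> Version:
    """'8.3.0' -> (8, 3, 0); a trailing qualifier such as '-rc1' is ignored."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"not a Bitbucket version string: {text!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(version: str, fixed_builds: Iterable[str] = FIXED_BUILDS) -> bool:
    """True if `version` is in the vulnerable range.

    A build is affected when it is >= 7.0.0 and older than the fixed build of
    its own release line (major.minor). A line with no known fixed build
    (e.g. 7.22.x, which must move to a fixed 8.x build) is reported as affected
    so that the conservative answer wins when the list is incomplete.
    """
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False  # 6.10.17 and older are outside the advisory's range
    fixed_by_line: Dict[Version, Version] = {}
    for build in fixed_builds:
        fv = parse_version(build)
        fixed_by_line[fv[:2]] = fv
    line_fix = fixed_by_line.get(v[:2])
    if line_fix is None:
        return True
    return v < line_fix


def public_access_disabled(properties_text: str) -> bool:
    """True iff the effective `feature.public.access` entry is `false`.

    Parses java.util.Properties syntax as Bitbucket reads it: `key=value` or
    `key: value`, `#`/`!` comment lines, surrounding whitespace ignored, last
    occurrence of a key wins. An absent key is treated as public access
    enabled (assumption: that is the product default), so the workaround only
    counts when the key is explicitly false.
    """
    value: Optional[str] = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in _COMMENT_PREFIXES:
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if key == "feature.public.access":
            value = val
    return value is not None and value.lower() == "false"


def triage(version: str, properties_text: str,
           fixed_builds: Iterable[str] = FIXED_BUILDS) -> str:
    """Collapse both checks into one status an inventory script can act on."""
    if not is_affected(version, fixed_builds):
        return "patched"
    if public_access_disabled(properties_text):
        # Per Atlassian, disabling public access is not a complete mitigation:
        # any holder of a user account can still exploit the flaw.
        return "affected-workaround-only"
    return "affected-unmitigated"


# Constructed sample bitbucket.properties for this example (not a real host).
SAMPLE_PROPERTIES = """\
# constructed sample
server.port=7990
feature.public.access = true
! operator later appended the CVE-2022-36804 workaround; last entry wins
feature.public.access=false
"""

if __name__ == "__main__":
    for v in ("6.10.17", "7.21.3", "7.21.4", "7.22.0", "8.3.0", "8.3.1"):
        print(f"{v:>8}  with workaround: {triage(v, SAMPLE_PROPERTIES):<25}"
              f"  without: {triage(v, '')}")
```

Run it against the version string reported by each instance and its bitbucket.properties; anything other than "patched" goes on the upgrade list, and "affected-workaround-only" hosts should be prioritised by how many authenticated accounts they hold, since those users can still reach the vulnerable endpoints.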


