Jimi Wikman
Posted November 27, 2022

Summary: CVE-2022-43781 - Command Injection Vulnerability
Advisory Release Date: 16 Nov 2022 10 AM PDT (Pacific Time, -7 hours)
Product: Bitbucket Server, Bitbucket Data Center
CVE ID(s): CVE-2022-43781
More information: https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-security-advisory-2022-11-16-1180141667.html

Summary of Vulnerability

This advisory discloses a critical severity security vulnerability introduced in version 7.0.0 of Bitbucket Server and Data Center.

The following versions are affected by this vulnerability:

Bitbucket Data Center and Server 7.0 to 7.21
Bitbucket Data Center and Server 8.0 to 8.4 if mesh.enabled is set to false in bitbucket.properties

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution and execute code on the system.

This issue can be tracked here: BSERV-13522 - Critical severity command injection vulnerability - CVE-2022-43781 Published
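A triage check for the affected ranges listed in the post above, as an added example that is not part of the original post or Atlassian's own tooling. The function names and result labels are hypothetical; the post lists no fixed patch releases and no default for mesh.enabled, so the check matches on major.minor only and returns "review" when the property is absent or unrecognised.

```python
import re

# Ranges exactly as stated in the post, as inclusive (major, minor) pairs.
RANGE_7 = ((7, 0), (7, 21))
RANGE_8 = ((8, 0), (8, 4))  # per the post: only when mesh.enabled is false


def parse_properties(text):
    """Minimal bitbucket.properties reader: key=value or key:value, # and ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()  # last occurrence wins
    return props


def triage(version, properties_text=""):
    """Return 'in-range', 'review' or 'out-of-range' for CVE-2022-43781."""
    m = re.match(r"(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    mm = (int(m.group(1)), int(m.group(2)))
    if RANGE_7[0] <= mm <= RANGE_7[1]:
        return "in-range"
    if RANGE_8[0] <= mm <= RANGE_8[1]:
        mesh = parse_properties(properties_text).get("mesh.enabled", "").lower()
        if mesh == "false":
            return "in-range"
        if mesh == "true":
            return "out-of-range"
        return "review"  # property absent or unrecognised; the post gives no default
    return "out-of-range"


if __name__ == "__main__":
    # Constructed inventory: (host label, version, bitbucket.properties contents).
    inventory = [
        ("bb-01", "7.21.5", ""),
        ("bb-02", "8.4.1", "mesh.enabled = false\n"),
        ("bb-03", "8.2.0", "# mesh.enabled=false\n"),
    ]
    for host, ver, props in inventory:
        print(host, ver, triage(ver, props))
```

An "in-range" result means the instance falls inside the ranges quoted in the post and should be checked against the linked advisory for the fixed release.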