Bitbucket Server and Data Center Security Advisory 2022-11-16

Jimi Wikman
Summary: CVE-2022-43781 - Command Injection Vulnerability
Advisory Release Date: 16 Nov 2022 10 AM PDT (Pacific Time, -7 hours)
Product: Bitbucket Server, Bitbucket Data Center
CVE ID(s): CVE-2022-43781
More information: https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-security-advisory-2022-11-16-1180141667.html

 

Summary of Vulnerability

This advisory discloses a critical severity security vulnerability introduced in version 7.0.0 of Bitbucket Server and Data Center. The following versions are affected by this vulnerability:

  • Bitbucket Data Center and Server 7.0 to 7.21

  • Bitbucket Data Center and Server 8.0 to 8.4 if mesh.enabled is set to false in bitbucket.properties

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution and execute code on the system.

This issue can be tracked here: BSERV-13522 - Critical severity command injection vulnerability - CVE-2022-43781 (Published)
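
An added example (not part of the advisory and not Atlassian tooling): a small Python check that applies the affected ranges listed above to a version string and the text of bitbucket.properties. It compares major.minor only, as the ranges are given on this page. The function names, result labels and sample file are constructed for illustration, and a missing mesh.enabled key is assumed not to meet the "set to false" condition.

```python
import re

# Affected ranges as stated in the advisory text above (major.minor only).
AFFECTED_ALWAYS = ((7, 0), (7, 21))       # 7.0 to 7.21
AFFECTED_IF_MESH_OFF = ((8, 0), (8, 4))   # 8.0 to 8.4, only if mesh.enabled=false

# Constructed sample input, not taken from a real installation.
SAMPLE_PROPERTIES = """\
# constructed sample bitbucket.properties
! second comment style allowed by the .properties format
mesh.enabled = false
"""


def parse_properties(text):
    """Minimal .properties reader: key=value, key:value or key value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()  # last definition wins
    return props


def exposure(version, properties_text=""):
    """Classify a version against the ranges listed in the advisory."""
    m = re.match(r"(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major_minor = (int(m.group(1)), int(m.group(2)))
    if AFFECTED_ALWAYS[0] <= major_minor <= AFFECTED_ALWAYS[1]:
        return "affected"
    if AFFECTED_IF_MESH_OFF[0] <= major_minor <= AFFECTED_IF_MESH_OFF[1]:
        value = parse_properties(properties_text).get("mesh.enabled")
        # Assumption: an absent key does not count as "set to false".
        if value is not None and value.lower() == "false":
            return "affected"
        return "in-range-mesh-not-disabled"
    return "outside-listed-ranges"


if __name__ == "__main__":
    for v in ("7.21.4", "8.3.1", "8.5.0"):
        print(v, exposure(v, SAMPLE_PROPERTIES))
```

The result reflects only the ranges printed on this page; patch-level fix information is in the linked Atlassian advisory.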
