Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations.

Tracked as CVE-2022-36804, the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests.

“An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request,” Atlassian said in an advisory.

As a temporary workaround in scenarios where the patches cannot be applied right away, Atlassian is recommending turning off public repositories using “Feature.public.access=false” to prevent unauthorized users from exploiting the flaw.

“This can not be considered a complete mitigation as an attacker with a user account could still succeed,” it cautioned, meaning it could be leveraged by threat actors who are already in possession of valid credentials obtained through other means.

Users of affected versions of the software are recommended to upgrade their instances to the latest version as soon as possible to mitigate potential threats.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

Recent News

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.