Atlassian has identified a critical security vulnerability in Bitbucket Server and Data Center that allowed attackers to execute malicious code on affected instances. The flaw, tracked as CVE-2022-36804, is a command injection vulnerability present in multiple API endpoints of Bitbucket Server and Data Center.
Bitbucket is a Git-based source code repository hosting service owned by Atlassian. Bitbucket offers both commercial plans and free accounts with an unlimited number of private repositories. The Bitbucket Server and Data Center command injection vulnerability received a CVSS severity rating of 9.9. According to the severity levels scale published by Atlassian, the severity of this vulnerability is “critical”.
According to the Atlassian advisory, “An attacker who has access to a public repository or has reading rights on a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request.” All versions released after 6.10.17, including 7.0.0 and above, are affected, which means that all instances running any version from 7.0.0 to 8.3.0 are affected by this vulnerability. In addition, the company says that users who access Bitbucket through the bitbucket.org domain, which is hosted by Atlassian, are not affected by this vulnerability.

Fixed Versions Are Being Updated Now