Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-13522

Critical severity command injection vulnerability - CVE-2022-43781

XMLWordPrintable

    • 9
    • Critical
    • CVE-2022-43781
    • Bitbucket Data Center, Bitbucket Server

      There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution on the system. This vulnerability was introduced in Bitbucket Server and Data Center version 7.0.

      Affected versions:

      • 7.0.0 ≤ version < 7.6.19
      • 7.7.0 ≤ version < 7.17.12
      • 7.18.0 ≤ version < 7.21.6
      • 7.22.0 ≤ version < 8.0.5
      • 8.1.0 ≤ version < 8.1.5
      • 8.2.0 ≤ version < 8.2.4
      • 8.3.0 ≤ version < 8.3.3
      • 8.4.0 ≤ version < 8.4.2

      Fixed versions:

      • 7.6.19 or newer
      • 7.17.12 or newer
      • 7.21.6 or newer
      • 8.0.5 or newer
      • 8.1.5 or newer
      • 8.2.4 or newer
      • 8.3.3 or newer
      • 8.4.2 or newer
      • 8.5.0 or newer

      For full descriptions of the above versions of Bitbucket Server and Data Center, see the release notes. You can download the latest version of Bitbucket from the download center. For Frequently Asked Questions (FAQ) click here.

      For additional details, see the full advisory: https://confluence.atlassian.com/x/Y4hXRg 

            Unassigned Unassigned
            security-metrics-bot Security Metrics Bot
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: