Critical Vulnerability in Atlassian's Bitbucket Server and Data Center
29 August 2022
Atlassian has released security updates to address a critical command injection vulnerability (CVE-2022-36804) in multiple API endpoints of Bitbucket Server and Data Center. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.9 out of 10.
Successful exploitation of this vulnerability could allow an attacker with access to a public Bitbucket repository or with read permissions to a private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.
All versions of Bitbucket Server and Data Center released after 6.10.17 are affected, including 7.0.0 and up to 8.3.0.
A proof-of-concept (PoC) exploit for this vulnerability may be released soon.
Administrators and users of the affected versions are advised to upgrade to the latest versions immediately.
More information is available at: