National Cyber Warfare Foundation (NCWF) Forums


CISA adds Atlassian Bitbucket Server flaw to its Known Exploited Vulnerabilities Catalog


0 user ratings
2022-10-01 18:15:10
milo
Blue Team (CND)

CISA added a recently disclosed flaw in Atlassian Bitbucket Server, tracked as CVE-2022-36804, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a recently disclosed critical vulnerability in Atlassian’s Bitbucket Server and Data Center to its  Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant […]


The post CISA adds Atlassian Bitbucket Server flaw to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.




CISA added a recently disclosed flaw in Atlassian Bitbucket Server, tracked as CVE-2022-36804, to its Known Exploited Vulnerabilities Catalog.





The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a recently disclosed critical vulnerability in Atlassian’s Bitbucket Server and Data Center to its  Known Exploited Vulnerabilities Catalog.





According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.





Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.





At the end of August, Atlassian fixed a critical flaw in Bitbucket Server and Data Center, tracked as CVE-2022-36804 (CVSS score 9.9), that could be explored to execute malicious code on vulnerable installs





The flaw is a command injection vulnerability that can be exploited via specially crafted HTTP requests.





“This advisory discloses a critical severity security vulnerability which was introduced in version 7.0.0 of Bitbucket Server and Data Center.” reads the advisory. “There is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request.”





The issue impacts all versions released after 6.10.17 including 7.0.0 and newer are affected, this means that all installs that are running any versions between 7.0.0 and 8.3.0 inclusive are impacted.





CISA orders federal agencies to fix these vulnerabilities by October 21, 2022.





Follow me on Twitter: @securityaffairs and Facebook













Pierluigi Paganini





(SecurityAffairs – hacking, Known Exploited Vulnerabilities Catalog)

















The post CISA adds Atlassian Bitbucket Server flaw to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.



Source: SecurityAffairs
Source Link: https://securityaffairs.co/wordpress/136514/security/atlassian-bitbucket-flaw-known-exploited-vulnerabilities-catalog.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Blue Team (CND)



© Copyright 2012 through 2022 - National Cyber War Foundation - All rights reserved worldwide.