Atlassian Releases Security Update for Bitbucket Server and Data Center

Atlassian has released an update to remediate a critical security vulnerability affecting its Bitbucket Server and Data Center product

Threat ID:: CC-4217
Threat Severity:: Information only
Published:: 17 November 2022 3:11 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Atlassian has released an update to remediate a critical security vulnerability affecting its Bitbucket Server and Data Center product

Affected platforms

The following platforms are known to be affected:

Versions: 7.0 to 7.21, 8.0 to 8.4

Atlassian Bitbucket Data Center

Threat details

Introduction

Atlassian has released a security update to address a critical command injection vulnerability in Bitbucket Server and Data Center. The vulnerability known as CVE-2022-43781 has a CVSS score of 9.

An attacker with permission to control their username can exploit this vulnerability to execute code on the system.

Remediation advice

Affected organisations are encouraged to review the Atlassian Bitbucket Server and Data Center Advisory and apply the necessary updates or workarounds.

Definitive source of threat updates

CVE Vulnerabilities

Status Published

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.

Last edited: 17 November 2022 3:11 pm