CVE-2022-36804
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
99.1%
p100
KEV
YES
Sep 30, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Atlassian / Bitbucket Server and Data Center
Vulnerability
Atlassian Bitbucket Server and Data Center Command Injection Vulnerability
Added to KEV
Sep 30, 2022
Remediate by
Oct 21, 2022
Known ransomware use
No
Summary description
Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.
Required action
Apply updates per vendor instructions.
Notes
https://jira.atlassian.com/browse/BSERV-13438; https://nvd.nist.gov/vuln/detail/CVE-2022-36804
No related CVEs by CWE or product.