PRP: Request Atlassian Bitbucket Server and Data Center RCE (CVE-2022-36804) #266
Labels: Contributor main (the main issue a contributor is working on, top of the contribution queue), PRP:Accepted, PRP:Inactive
Hello.
I want to contribute to the Tsunami scanner with a detector plugin to detect the CVE-2022-36804 vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-36804
https://jira.atlassian.com/browse/BSERV-13438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36804
Description
The vulnerability has been assigned the CVE ID CVE-2022-36804; its severity level is Critical (CVSS v3 score: 9.9 => Critical severity): https://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
There is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. An attacker with access to a public Bitbucket repository (a remote, unauthenticated attacker) or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request.
Versions
All versions released after 6.10.17, including 7.0.0 and newer, are affected; this means that all instances running any version between 7.0.0 and 8.3.0 inclusive can be exploited by this vulnerability.
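A version-range check is the first thing a detector plugin for this issue would need: read the instance's reported version and decide whether it falls inside the affected window the post states (7.0.0 through 8.3.0 inclusive). The block below is an added example written for this thread; it is not the issue author's code and not part of the Tsunami scanner. It assumes the version can be read from the JSON body of Bitbucket's `/rest/api/1.0/application-properties` endpoint (an assumption; the response shown is constructed), tolerates suffixes such as `-rc1`, and treats the post's stated range as authoritative. A real detector would cross-check the vendor's fixed-version list, which the post does not reproduce, and would follow a version match with the fingerprinting the plugin actually implements rather than report on version alone.

```python
"""Version-range check for CVE-2022-36804 (added example, not Tsunami code)."""
import json
import re
from typing import Optional, Tuple

# Affected window exactly as stated in the issue: 7.0.0 through 8.3.0 inclusive.
AFFECTED_MIN = (7, 0, 0)
AFFECTED_MAX = (8, 3, 0)

# Accept "major.minor" or "major.minor.patch", ignoring any trailing suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Parse a 'major.minor[.patch]' prefix into a comparable tuple; None if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_in_affected_range(version: str) -> bool:
    """True when the version lies inside the window the issue reports as affected."""
    v = parse_version(version)
    if v is None:
        return False
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def version_from_application_properties(body: str) -> Optional[str]:
    """Extract the 'version' field from an application-properties JSON body.

    The endpoint name (/rest/api/1.0/application-properties) is an assumption
    of this example; malformed or unexpected bodies yield None rather than raising.
    """
    try:
        data = json.loads(body)
    except ValueError:
        return None
    version = data.get("version") if isinstance(data, dict) else None
    return version if isinstance(version, str) else None


def assess(body: str) -> dict:
    """Combine extraction and range check into the finding a detector would record."""
    ver = version_from_application_properties(body)
    return {"version": ver, "in_affected_range": bool(ver and is_in_affected_range(ver))}


# Constructed sample response body; not captured from a real instance.
SAMPLE_BODY = json.dumps(
    {"version": "7.21.0", "buildNumber": "7021000", "displayName": "Bitbucket"}
)

if __name__ == "__main__":
    print(assess(SAMPLE_BODY))
```

The comparison is done on integer tuples rather than strings so that `7.21.0` correctly sorts after `7.3.0`; a string compare would get that wrong and silently mark a vulnerable instance as safe.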