CVE-2022-36804 – Atlassian Bitbucket Server Vulnerability – Critical RCE


  • The latest flaw is tracked as CVE-2022-36804 and is a command injection in multiple API endpoints of the software product. It has received a CVSS severity score of 9.9 out of a maximum of 10.0, making this a critical vulnerability that should be patched immediately.
  • Remote attackers can exploit this argument injection vulnerability if they are able to access a Git repository in Bitbucket Server or Bitbucket Data Center.
  • “An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request,” explains Atlassian’s advisory.
  • The vulnerability impacts all Bitbucket Server and Data Center versions after 6.10.17, including 7.0.0 and up to 8.3.0.
  • The versions that address the problem are 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.1.3, 8.2.2, and 8.3.1. Unfortunately, older and unsupported versions of the 6.x branch will not receive a fix for this flaw.
Table of fixed versions (Atlassian)
  • Atlassian notes that those accessing Bitbucket via bitbucket.org domains aren’t impacted by the critical RCE, as the vendor hosts those instances.

Arbitrary Code Execution in Atlassian Products

  • Bitbucket from Atlassian is a Git-based code hosting and collaboration tool used mostly by enterprises, whereas Data Center is a deployment option for any of your Atlassian projects with high scaling ability.
  • Both of these products have a critical RCE security vulnerability, tracked as CVE-2022-36804. An attacker exploiting this bug can remotely inject malicious commands into the victim’s machines.

Security Patch Advisory

  • Unfortunately, there’s no patch for the older versions, like the 6.x branch, since they’re unsupported. As they don’t have any official fix, Atlassian asked customers running on those versions to try the partial mitigation by turning off public repositories using “feature.public.access=false”.
  • This way, the instances won’t be accessible to unauthorized users; however, authorized users, like threat actors who have compromised valid credentials, may still perform attacks.
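
The version lists and the partial mitigation above can be turned into a quick triage check. This is an added example, not code from Atlassian or from this page; the function names and the sample properties text are constructed for illustration, and treating releases newer than the highest listed fix as fixed is an assumption.

```python
import re

# Per-branch first fixed patch level, copied from the list on this page.
FIXED = {(7, 6): 17, (7, 17): 10, (7, 21): 4,
         (8, 0): 3, (8, 1): 3, (8, 2): 2, (8, 3): 1}
LAST_UNAFFECTED = (6, 10, 17)  # page: affected are versions "after 6.10.17"
HIGHEST_FIXED = max((*branch, patch) for branch, patch in FIXED.items())

def parse_version(text):
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"expected MAJOR.MINOR.PATCH, got {text!r}")
    return tuple(int(part) for part in m.groups())

def classify(version):
    """Return 'not-listed', 'fixed', 'affected' or 'affected-no-fix'."""
    v = parse_version(version)
    if v <= LAST_UNAFFECTED:
        return "not-listed"  # outside the affected range this page gives
    # Assumption: releases newer than the highest listed fix carry the fix.
    if v >= HIGHEST_FIXED:
        return "fixed"
    fixed_patch = FIXED.get(v[:2])
    if fixed_patch is not None and v[2] >= fixed_patch:
        return "fixed"
    # The page says unsupported 6.x releases will not receive a fix.
    return "affected-no-fix" if v[0] == 6 else "affected"

def public_access_disabled(properties_text):
    """True if the last feature.public.access assignment is 'false'."""
    value = None
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or properties comment
        key, sep, val = line.partition("=")
        if sep and key.strip() == "feature.public.access":
            value = val.strip().lower()  # a later assignment overrides
    return value == "false"

# Constructed sample input, not taken from a real instance.
SAMPLE_PROPERTIES = "# constructed sample\nfeature.public.access=false\n"

if __name__ == "__main__":
    for ver in ("6.10.17", "6.10.18", "7.5.3", "7.6.17", "8.3.0", "8.3.1"):
        print(ver, classify(ver))
    print("public access disabled:", public_access_disabled(SAMPLE_PROPERTIES))
```

A result of `affected-no-fix` with public access disabled still leaves the instance exposed to any account with read permission, as the bullet above notes.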

 

Before commissioning penetration testing to protect your organisation, let’s first understand what penetration testing is.

A penetration test is a method of evaluating a computer system or network to identify vulnerabilities that a malicious attacker could exploit. Security experts carry out penetration testing to identify vulnerabilities in the target software or system. Penetration testing is an integral part of a more extensive information security process to ensure proper risk management, compliance, and systems administration. A penetration test is an excellent way to determine the extent of the damage a hacker can cause. Penetration testing can be done at any point in time to find vulnerabilities in the system.

TOP 25 Penetration Testing is a specialized type of security testing that focuses on attack vectors and vulnerabilities listed in SANS Top 25. An organization’s security landscape is complex, and thus it is essential to test the organization’s security measures to ensure that they are working correctly. Penetration testing can help to ensure that an organization’s security measures are working correctly.
