Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-43781
HistoryNov 17, 2022 - 12:15 a.m.

CVE-2022-43781

2022-11-1700:15:18
CWE-77
[email protected]
web.nvd.nist.gov
1
cve-2022-43781
environment variables
bitbucket server
data center
permission control
arbitrary code
unauthenticated
allow public signup

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.57 Medium

EPSS

Percentile

97.7%

JSON

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled β€œAllow public signup”.

Affected configurations

NVD
Node
atlassianbitbucketRange7.0.0–7.6.19
OR
atlassianbitbucketRange7.7.0–7.17.12
OR
atlassianbitbucketRange7.18.0–7.21.6
OR
atlassianbitbucketRange7.22.0–8.0.5
OR
atlassianbitbucketRange8.1.0–8.1.5
OR
atlassianbitbucketRange8.2.0–8.2.4
OR
atlassianbitbucketRange8.3.0–8.3.3
OR
atlassianbitbucketRange8.4.0–8.4.2

Related

cvelist 1
prion 1
cve 1
packetstorm 1
atlassian 1
metasploit 1
zdt 1
nessus 1
hivepro 1
rapid7blog 1
thn 2
cvelist
cvelist
CVE-2022-43781
2022-11-17 00:00:01
prion
prion
Command injection
2022-11-17 00:15:00
cve
cve
CVE-2022-43781
2022-11-17 00:15:18
packetstorm
packetstorm
Bitbucket Environment Variable Remote Command Injection
2023-03-16 00:00:00
atlassian
atlassian
Critical severity command injection vulnerability - CVE-2022-43781
2022-10-12 21:46:59
metasploit
metasploit
Bitbucket Environment Variable RCE
2023-02-13 17:31:06
zdt
zdt
Bitbucket Environment Variable Remote Command Injection Exploit
2023-03-16 00:00:00
nessus
nessus
Atlassian Bitbucket < 7.6.19 / 7.17.12 / 7.21.6 / 8.0.5 / 8.1.5 / 8.2.4 / 8.3.3 / 8.4.2 Command Injection
2023-01-18 00:00:00
hivepro
hivepro
Atlassian Addresses Issues in Crowd and Bitbucket Products
2022-11-23 12:13:27
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-03-17 19:33:24
thn
thn
Atlassian's Jira Service Management Found Vulnerable to Critical Vulnerability
2023-02-03 07:55:00
Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products
2022-11-19 04:30:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.57 Medium

EPSS

Percentile

97.7%

JSON
Related for NVD:CVE-2022-43781
cvelist1prion1cve1packetstorm1atlassian1metasploit1zdt1nessus1hivepro1rapid7blog1thn2