9 matches found
Metasploit Weekly Wrap-Up
FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions...
Bitbucket Environment Variable Remote Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Environment Variable RCE', 'Description' = %q For various versions of Bitbucket, there is an authenticated command injection...
Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products
Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system...
CVE-2022-43781
creationtimestamp| type| source ---|---|--- 2022-11-17 15:52:49+00:00| seen| https://t.me/cibsecurity/53036 2022-11-19 05:38:09+00:00| seen| https://t.me/thehackernews/2779 2022-11-19 09:31:36+00:00| seen| https://t.me/cKure/10449 2022-11-19 15:36:37+00:00| seen| https://t.me/itsecnews/1806...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
CVE-2022-43781
CVE-2022-43781 affects Atlassian Bitbucket Server/Data Center. A vulnerability exists where an attacker who can control their own username can trigger a command-injection by injecting environment variables, enabling remote code execution on the host. The issue is exploitable through the Bitbucket...
CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...
Critical severity command injection vulnerability - CVE-2022-43781
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution on the system. This vulnerability was introduced in Bitbucket Server and Data Center...