Lucene search
+L

9 matches found

Rapid7 Blog
Rapid7 Blog
added 2023/03/17 7:33 p.m.71 views

Metasploit Weekly Wrap-Up

FortiNAC EITW Content Added Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions...

7.2CVSS0.2AI score0.99815EPSS
Exploits18
Packet Storm
Packet Storm
added 2023/03/16 12:0 a.m.339 views

Bitbucket Environment Variable Remote Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Environment Variable RCE', 'Description' = %q For various versions of Bitbucket, there is an authenticated command injection...

9.8CVSS0.8AI score0.98076EPSS
Exploits3
The Hacker News
The Hacker News
added 2022/11/19 4:30 a.m.83 views

Atlassian Releases Patches for Critical Flaws Affecting Crowd and Bitbucket Products

Australian software company Atlassian has rolled out security updates to address two critical flaws affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as CVE-2022-43781 and CVE-2022-43782, are both rated 9 out of 10 on the CVSS vulnerability scoring system...

9.8CVSS3.7AI score0.99077EPSS
Exploits27
Circl
Circl
added 2022/11/17 3:52 p.m.11 views

CVE-2022-43781

creationtimestamp| type| source ---|---|--- 2022-11-17 15:52:49+00:00| seen| https://t.me/cibsecurity/53036 2022-11-19 05:38:09+00:00| seen| https://t.me/thehackernews/2779 2022-11-19 09:31:36+00:00| seen| https://t.me/cKure/10449 2022-11-19 15:36:37+00:00| seen| https://t.me/itsecnews/1806...

9.8CVSS9AI score0.98076EPSS
Exploits3References8
NVD
NVD
added 2022/11/17 12:15 a.m.17 views

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

9.8CVSS0.98076EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2022/11/17 12:0 a.m.20 views

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

8.1AI score0.98076EPSS
Exploits3References2
CVE
CVE
added 2022/11/17 12:0 a.m.175 views

CVE-2022-43781

CVE-2022-43781 affects Atlassian Bitbucket Server/Data Center. A vulnerability exists where an attacker who can control their own username can trigger a command-injection by injecting environment variables, enabling remote code execution on the host. The issue is exploitable through the Bitbucket...

9.8CVSS9.7AI score0.98076EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2022/11/17 12:0 a.m.31 views

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and...

10AI score0.98076EPSS
Exploits3References2
Atlassian
Atlassian
added 2022/10/12 9:46 p.m.74 views

Critical severity command injection vulnerability - CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution on the system. This vulnerability was introduced in Bitbucket Server and Data Center...

9.8CVSS2.2AI score0.98076EPSS
Exploits3
Rows per page
Query Builder