Atlassian Bitbucket and Data Center command injection vulnerability

Target Industry

This vulnerability does not target any specific sector; potential attacks will likely be indiscriminate and opportunistic in nature.

Overview

Severity level: Critical – the vulnerability does not require special authentication credentials and can cause root-level compromise.

A critical command injection vulnerability has been discovered affecting several API endpoints of Atlassian Bitbucket Server and Data Center. The vulnerability is being tracked as CVE-2022-36804. Patches have been released and should be applied as soon as possible.

Impact

This vulnerability enables malicious threat actors to execute arbitrary code by sending malicious HTTP requests, provided they have access to a public repository or hold the required read permissions on a private Bitbucket repository. From there a threat actor can gain access to the system and potentially exfiltrate sensitive data.

Vulnerability Detection

The vulnerability affects all versions listed below.

Affected Products

Bitbucket Server and Data Center 7.6
Bitbucket Server and Data Center 7.17
Bitbucket Server and Data Center 7.21
Bitbucket Server and Data Center 8.0
Bitbucket Server and Data Center 8.1
Bitbucket Server and Data Center 8.2
Bitbucket Server and Data Center 8.3

Containment, Mitigations & Remediations

To remediate the vulnerability, customers are strongly advised to immediately upgrade to the corresponding fixed version recently provided by Atlassian.

Bitbucket Server and Data Center 7.6, patch to 7.6.17 or newer
Bitbucket Server and Data Center 7.17, patch to 7.17.10 or newer
Bitbucket Server and Data Center 7.21, patch to 7.21.4 or newer
Bitbucket Server and Data Center 8.0, patch to 8.0.3 or newer
Bitbucket Server and Data Center 8.1, patch to 8.1.3 or newer
Bitbucket Server and Data Center 8.2, patch to 8.2.2 or newer
Bitbucket Server and Data Center 8.3, patch to 8.3.1 or newer
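A defender triaging an estate wants to know, per instance, whether the running version falls below the fixed version for its release branch. The following check is an added example, not Atlassian's code or part of this bulletin: it encodes the branch-to-fixed-version table above, compares a version string against it, and reads the version out of a constructed copy of the response body that Bitbucket's application-properties REST endpoint (assumed here to be `/rest/api/1.0/application-properties` with a `version` key) returns.

```python
"""Check a Bitbucket Server / Data Center version against the fixed versions
this bulletin lists for CVE-2022-36804. Added example, not Atlassian's code."""
import json
import re

# Fixed versions from the bulletin, keyed by affected release branch (major, minor).
FIXED_VERSIONS = {
    (7, 6): (7, 6, 17),
    (7, 17): (7, 17, 10),
    (7, 21): (7, 21, 4),
    (8, 0): (8, 0, 3),
    (8, 1): (8, 1, 3),
    (8, 2): (8, 2, 2),
    (8, 3): (8, 3, 1),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from a string such as '7.21.3'.
    A missing patch component (e.g. '8.0') is treated as .0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version_text):
    """Return (status, fixed_version) for an installed version.
    status is 'affected', 'fixed', or 'unlisted' when the release branch is
    not one of the branches named in the bulletin (consult the vendor advisory)."""
    version = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unlisted", None
    fixed_text = ".".join(map(str, fixed))
    return ("affected" if version < fixed else "fixed"), fixed_text


def assess_application_properties(body):
    """Assess the JSON body returned by the application-properties endpoint
    (assumption: the body carries the running version under the 'version' key)."""
    return assess(json.loads(body)["version"])


# Constructed sample response body, not captured from a real server.
SAMPLE_BODY = '{"version": "7.21.3", "buildNumber": "7021003", "displayName": "Bitbucket"}'

if __name__ == "__main__":
    status, fixed = assess_application_properties(SAMPLE_BODY)
    print(f"status={status} upgrade_to={fixed}")
```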

Indicators of Compromise

None.

Threat Landscape

Atlassian products such as these are used by a wide array of businesses across the world, thereby affording any attacker a vast choice of potential targets. This vulnerability is part of a continuous cycle of weakness discovery followed by security patching. This trend will almost certainly continue, so regular patching cycles must be followed to ensure business systems are as secure as possible.

Threat Group

No specific groups have been linked to this vulnerability.

MITRE Methodologies

T1190 – Exploit Public-Facing Application

T1078 – Valid Accounts

Further Information

Atlassian – Advisory Center