External risk intelligence

Atlassian Bitbucket Allows Code Execution via Malicious Request.

CVE advisory | Known Exploit

CVE-2022-36804

Atlassian Bitbucket Server and Data Center contain a command injection vulnerability that allows a remote attacker with read access to a repository to execute arbitrary code by sending a malicious HTTP request. Because a public repository grants read access to anonymous users, the flaw can be reachable without credentials. The business risk is full compromise of the Bitbucket host and the source code it stores.

Halo Surface Signal: 4

OS Command Injection

Atlassian Bitbucket

  • 7.0.0 to before 7.6.17
  • 7.7.0 to before 7.17.10
  • 7.18.0 to before 7.21.4
  • 8.0.0 to before 8.0.3
  • 8.1.0 to before 8.1.3
  • 8.2.0 to before 8.2.2
  • 8.3.0

External exposure likelihood

Halo Surface Signal score for CVE-2022-36804

Atlassian Bitbucket Server and Data Center are commonly deployed as web-based source control platforms for enterprise development teams. They are frequently exposed to the internet so that distributed developers and CI systems can reach them, which means the API endpoints involved in this vulnerability are reachable from the public network in many standard deployments. Instances that host public repositories are the most exposed, since read access there requires no account.

Horizon Alert

Summary of the vulnerability and why it matters

Atlassian Bitbucket Server and Data Center contain a command injection vulnerability that leads to arbitrary code execution. The flaw resides in multiple REST API endpoints: attacker-controlled input from a crafted HTTP request reaches an operating system command without adequate sanitisation. Any attacker with read access to a repository, including anonymous read access to a public repository, can trigger it. Commands run with the privileges of the Bitbucket service account on the affected host.

  • Vulnerable: Atlassian Bitbucket Server and Data Center API endpoints
  • Flaw: Malicious HTTP requests enable code execution
  • Impact: Unauthorized code execution on affected systems

Attack Path

How an attacker could exploit the issue

A remote attacker who can read a Bitbucket repository sends a crafted HTTP request to one of the vulnerable API endpoints; the request's attacker-controlled fields are passed into an OS command and executed. No further interaction from a user or administrator is needed. Successful exploitation gives the attacker command execution as the Bitbucket service account, from which the stored source code, credentials on the host, and any connected CI or deployment systems are within reach.

  • Exposure: Network accessible API endpoints.
  • Attacker access: Read permissions on a repository.
  • Trigger: Malicious HTTP request.
  • Impact: Arbitrary code execution.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows attackers to execute arbitrary code on affected systems. Exploitation is known to occur in the wild (the vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog), exploitation requires only a single HTTP request, and a public repository removes the need for credentials entirely. Combined with the value of the data a source control server holds, this presents a substantial risk. Organizations running vulnerable versions of Bitbucket Server and Data Center should treat remediation as urgent.

  • Low attacker skill required: a single crafted HTTP request.
  • Requires read access to a repository; anonymous access to a public repository suffices.
  • High business risk and urgency; exploited in the wild.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Atlassian Bitbucket Server and Data Center instances in the affected version ranges are vulnerable to remote code execution by anyone with read access to a repository. Upgrading to a fixed version is the only complete fix. Where an upgrade cannot happen immediately, Atlassian's documented temporary mitigation is to disable public repositories globally (feature.public.access=false in bitbucket.properties); this removes the unauthenticated path but does not protect against authenticated users who hold read access, so it is a stopgap, not a substitute for patching.

  • Identify affected Bitbucket assets: inventory every Server and Data Center instance, including staging and CI-adjacent copies, and compare each reported version against the affected ranges.
  • Restrict network access to Bitbucket: remove direct internet exposure where possible, and disable public repositories until patched.
  • Apply vendor updates and verify: upgrade to a fixed release for your release line and confirm the running version after restart.
  • Monitor for related activity: review web access logs for unexpected requests to repository API endpoints from untrusted sources, and watch the Bitbucket host for child processes spawned by the service account that are not git operations.
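The first and third steps above can be scripted. The following is an added triage helper, not Atlassian's code or any tooling from this advisory: it encodes the affected version ranges listed on this page, checks an inventory of instance versions against them, and inspects a bitbucket.properties file for the documented temporary mitigation. The inventory, host names and properties contents below are constructed sample data; in practice the version string would come from each instance's REST application-properties endpoint or its administrator. The page lists 8.3.0 as the last affected version without an upper bound; the helper treats exactly 8.3.0 as affected (an assumption that the next patch release is fixed).

```python
"""Triage helper for CVE-2022-36804 in Bitbucket Server / Data Center.

Added example, not Atlassian's code. Affected ranges are those listed on
this page; the inventory and properties text are constructed sample data.
"""
from __future__ import annotations

import re

# (first affected, first fixed) per release line, as listed on this page.
# Assumption: 8.3.0 is listed without an upper bound, so exactly 8.3.0 is
# treated as affected and 8.3.1 and later as fixed.
AFFECTED_RANGES = [
    ((7, 0, 0), (7, 6, 17)),
    ((7, 7, 0), (7, 17, 10)),
    ((7, 18, 0), (7, 21, 4)),
    ((8, 0, 0), (8, 0, 3)),
    ((8, 1, 0), (8, 1, 3)),
    ((8, 2, 0), (8, 2, 2)),
    ((8, 3, 0), (8, 3, 1)),
]

_VERSION_RE = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)\s*")


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '7.21.3' into (7, 21, 3); reject anything that is not x.y.z."""
    m = _VERSION_RE.fullmatch(text)
    if not m:
        raise ValueError(f"unrecognised Bitbucket version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> bool:
    """True if the version falls inside any affected range (lower bound
    inclusive, fixed version exclusive)."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def public_access_disabled(properties_text: str) -> bool:
    """True only if bitbucket.properties explicitly sets
    feature.public.access=false (Atlassian's temporary mitigation).

    Java properties files allow '=' or ':' as the separator and '#' or '!'
    comment lines; a missing key is reported as not mitigated.
    """
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _sep, value = re.split(r"(\s*[=:]\s*|\s+)", line, maxsplit=1) + ["", ""] \
            if False else _split_property(line)
        if key == "feature.public.access":
            return value.lower() == "false"
    return False


def _split_property(line: str) -> tuple[str, str, str]:
    """Split 'key = value' / 'key:value' / 'key value' into (key, sep, value)."""
    m = re.match(r"([^=:\s]+)(\s*[=:]\s*|\s+)(.*)", line)
    if not m:
        return (line, "", "")
    return (m.group(1), m.group(2), m.group(3).strip())


def triage(inventory: list[tuple[str, str]],
           properties_by_host: dict[str, str]) -> list[tuple[str, str, str]]:
    """Classify each (host, version) as 'not-affected', 'affected-mitigated'
    (public repos disabled; still needs upgrade) or 'affected-exposed'."""
    report = []
    for host, version in inventory:
        if not is_affected(version):
            status = "not-affected"
        elif public_access_disabled(properties_by_host.get(host, "")):
            status = "affected-mitigated"
        else:
            status = "affected-exposed"
        report.append((host, version, status))
    return report


# Constructed sample data: three hypothetical instances and two config files.
SAMPLE_INVENTORY = [
    ("bitbucket-prod.example.internal", "7.21.3"),
    ("bitbucket-dr.example.internal", "8.2.1"),
    ("bitbucket-lab.example.internal", "8.3.1"),
]
SAMPLE_PROPERTIES = {
    "bitbucket-prod.example.internal": "# hardened after advisory\nfeature.public.access=false\n",
    "bitbucket-dr.example.internal": "server.port=7990\n",
}

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY, SAMPLE_PROPERTIES):
        print(f"{host:40} {version:8} {status}")
```

Run against a real estate, feed `triage` the version each instance reports; any host that comes back "affected-mitigated" or "affected-exposed" needs the upgrade scheduled, with the exposed ones first.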

Frequently asked questions

What is Atlassian Bitbucket Server and Data Center?

Atlassian Bitbucket Server and Data Center are software solutions for version control and code collaboration. They enable development teams to store, manage, and track changes in their source code, facilitating teamwork on software projects.

How does CVE-2022-36804 enable command injection?

CVE-2022-36804 is a command injection vulnerability: attacker-controlled fields of an HTTP request to certain Bitbucket API endpoints are passed into an operating system command without adequate sanitisation. A remote attacker with read permission on a repository can therefore execute arbitrary commands on the server by sending a specially crafted request.

What is required to trigger CVE-2022-36804?

To exploit CVE-2022-36804, an attacker needs read permission on a Bitbucket repository and network access to the vulnerable API endpoints. For a public repository that permission is granted to anonymous users, so no account is needed; for a private repository the attacker must hold, or have compromised, an account with read access.

What is the relevance of CVE-2022-36804 to organizations?

This vulnerability poses a significant risk due to its ease of exploitation and the potential for arbitrary code execution, which could lead to substantial data compromise and system disruption.

What steps should be taken to address CVE-2022-36804?

Organizations should identify affected Bitbucket instances, restrict network access and disable public repositories where possible as a temporary measure, upgrade to a fixed version promptly, and monitor for suspicious requests to repository API endpoints and unexpected processes spawned by the Bitbucket service account.
