PT-2023-5577 · Atlassian · Bitbucket Data Center/Server
Published 2023-09-19 · Updated 2023-11-14 · CVE-2023-22513
CVSS v2.0 9.0 High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Bitbucket Data Center and Server versions 8.0.0 through 8.9.4
Bitbucket Data Center and Server versions 8.10.0 through 8.10.4
Bitbucket Data Center and Server versions 8.11.0 through 8.11.3
Bitbucket Data Center and Server versions 8.12.0 through 8.12.1
Bitbucket Data Center and Server version 8.13.0
Bitbucket Data Center and Server version 8.14.0
Description
CVE-2023-22513 is a high-severity remote code execution (RCE) vulnerability in Bitbucket Data Center and Server. An authenticated attacker can execute arbitrary code on the server; the impact on confidentiality, integrity and availability is high, and no user interaction is required. An estimated 2,064 exposed instances may be affected. Real-world incidents have been reported in which the issue was exploited to implant a webshell, which persists even after the vulnerability is patched: upgrading closes the entry point but does not remove an implant that is already in place, so instances that were exposed while unpatched should also be checked for compromise.
Recommendations
For Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5
For Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5
For Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4
For Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2
For Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1
For Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0
For Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions.
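As an added example (not part of this advisory or of Atlassian's tooling), the following Python script triages a Bitbucket version string against the version ranges listed above and reports the branch fix release to upgrade to. It encodes only the ranges printed on this page; the `/rest/api/1.0/application-properties` response it parses is a constructed sample, and the helper names (`assess`, `parse_version`, `version_from_application_properties`) are this example's own. Where the affected-versions list and the Recommendations disagree about 8.14.0, the script follows the Recommendations and treats a build at or above its branch fix as fixed.

```python
"""Version triage for CVE-2023-22513 against the ranges listed in this advisory.

Added example, not part of the advisory or of any Atlassian tooling. It encodes
only the version ranges printed on the page; the REST response below is a
constructed sample shaped like Bitbucket's /rest/api/1.0/application-properties.
"""
import json
import re
import sys

# Fix release per 8.x branch, from the Recommendations section of the advisory.
# The page lists 8.14.0 both as affected and as the fix floor for 8.14; the
# Recommendations are followed here, so a build >= its branch fix is "fixed".
FIX_BY_BRANCH = {
    (8, 9): (8, 9, 5),
    (8, 10): (8, 10, 5),
    (8, 11): (8, 11, 3 + 1),   # 8.11.4
    (8, 12): (8, 12, 2),
    (8, 13): (8, 13, 1),
    (8, 14): (8, 14, 0),
}
FIRST_AFFECTED = (8, 0, 0)          # advisory: affected from 8.0.0 onwards
NEWEST_BRANCH = max(FIX_BY_BRANCH)  # (8, 14); later branches are not listed

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """'8.12.1' -> (8, 12, 1); a missing patch component is treated as 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Bitbucket version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def fmt(v):
    return ".".join(str(x) for x in v)


def assess(version_text):
    """Return (status, fix): status is 'vulnerable', 'fixed' or 'not listed';
    fix is the release to upgrade to, or None when no upgrade is indicated."""
    v = parse_version(version_text)
    branch = v[:2]
    if v < FIRST_AFFECTED or branch > NEWEST_BRANCH:
        return ("not listed", None)          # outside the ranges on this page
    if branch in FIX_BY_BRANCH:
        fix = FIX_BY_BRANCH[branch]
        return ("fixed", None) if v >= fix else ("vulnerable", fmt(fix))
    # 8.0 <= v < 8.9: no in-branch fix; the advisory says any listed fix
    # release is acceptable. The lowest one is reported; newer ones are valid.
    return ("vulnerable", fmt(min(FIX_BY_BRANCH.values())))


def version_from_application_properties(body):
    """Pull the 'version' field out of a Bitbucket application-properties
    JSON response (an endpoint that does not require authentication)."""
    return json.loads(body)["version"]


# Constructed sample response; not captured from a real instance.
SAMPLE_APPLICATION_PROPERTIES = json.dumps({
    "version": "8.12.1",
    "buildNumber": "8012001",
    "buildDate": "1693000000000",
    "displayName": "Bitbucket",
})


if __name__ == "__main__":
    # Usage: python triage.py 8.9.4 8.13.0 8.14.0   (defaults to the sample)
    targets = sys.argv[1:] or [
        version_from_application_properties(SAMPLE_APPLICATION_PROPERTIES)
    ]
    for t in targets:
        status, fix = assess(t)
        print(f"{t}: {status}" + (f", upgrade to {fix}" if fix else ""))
```

Versions below 8.0 and branches newer than 8.14 are reported as "not listed" rather than "not affected", because this page says nothing about them; the version string alone also says nothing about whether a webshell was planted while the instance was exposed, which is a separate check.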
Fix available
RCE
Code Injection
Related identifiers
Affected products
Bitbucket
Bitbucket Data Center/Server