CVE-2022-26133

Name of the Vulnerable Software and Affected Versions Atlassian Bitbucket Data Center versions 5.14.0 through 7.6.13 Atlassian Bitbucket Data Center versions 7.7.0 through 7.17.5 Atlassian Bitbucket Data Center versions 7.18.0 through 7.18.3 Atlassian Bitbucket Data Center versions 7.19.0 through 7.19.3 Atlassian Bitbucket Data Center version 7.20.0

Description The issue is related to the SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center, which allows a remote, unauthenticated attacker to execute arbitrary code via Java deserialization. This can be exploited by an attacker to gain unauthorized access. The vulnerability is also associated with the restoration of untrusted data in memory, which can lead to the execution of arbitrary code.

Recommendations For versions 5.14.0 through 7.6.13, update to version 7.6.14 or later. For versions 7.7.0 through 7.17.5, update to version 7.17.6 or later. For versions 7.18.0 through 7.18.3, update to version 7.18.4 or later. For versions 7.19.0 through 7.19.3, update to version 7.19.4 or later. For version 7.20.0, update to a version later than 7.20.0. As a temporary workaround, consider disabling the SharedSecretClusterAuthenticator until a patch is available.