PT-2022-27618 · Atlassian+3 · Bitbucket Server+5
Bingdian-So · Published 2022-12-13 · Updated 2025-04-22
CVE-2022-45685
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Jettison versions prior to 1.5.2
Bitbucket Data Center and Server versions 7.17.0 through 8.12.0
Description
A stack overflow in Jettison allows attackers to cause a Denial of Service (DoS) via crafted JSON data. This issue has a high impact on availability, with no impact on confidentiality and integrity, and requires no user interaction.
Recommendations
For Jettison, upgrade to version 1.5.2 or later.
For Bitbucket Data Center and Server 7.21, upgrade to a release greater than or equal to 7.21.15.
For Bitbucket Data Center and Server 8.9, upgrade to a release greater than or equal to 8.9.4.
For Bitbucket Data Center and Server 8.10, upgrade to a release greater than or equal to 8.10.4.
For Bitbucket Data Center and Server 8.11, upgrade to a release greater than or equal to 8.11.3.
For Bitbucket Data Center and Server 8.12, upgrade to a release greater than or equal to 8.12.1.
Exploit
Fix
DoS
Memory Corruption
Affected Products
Astra Linux
Bitbucket
Bitbucket Server
Jira
Linuxmint
Ubuntu