PT-2022-4497 · Atlassian · Bitbucket+1

Thegrandpew · Published 2022-08-25 · Updated 2025-02-09 · CVE-2022-36804

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Atlassian Bitbucket Server and Data Center versions 7.0.0 through 7.6.17
Atlassian Bitbucket Server and Data Center versions 7.7.0 through 7.17.10
Atlassian Bitbucket Server and Data Center versions 7.18.0 through 7.21.4
Atlassian Bitbucket Server and Data Center versions 8.0.0 through 8.0.3
Atlassian Bitbucket Server and Data Center versions 8.1.0 through 8.1.3
Atlassian Bitbucket Server and Data Center versions 8.2.0 through 8.2.2
Atlassian Bitbucket Server and Data Center versions 8.3.0 through 8.3.1
Description
The issue allows remote attackers with read permission to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. The cause is incorrect handling of input data in the API of Bitbucket, a tool for hosting, managing, and collaborating on Git code. The vulnerability was reported via the Bug Bounty Program.
Recommendations
For versions 7.0.0 through 7.6.17, update to version 7.6.17 or later.
For versions 7.7.0 through 7.17.10, update to version 7.17.10 or later.
For versions 7.18.0 through 7.21.4, update to version 7.21.4 or later.
For versions 8.0.0 through 8.0.3, update to version 8.0.3 or later.
For versions 8.1.0 through 8.1.3, update to version 8.1.3 or later.
For versions 8.2.0 through 8.2.2, update to version 8.2.2 or later.
For versions 8.3.0 through 8.3.1, update to version 8.3.1 or later.
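To turn the affected-version list above into an inventory check, the following added example (not part of the advisory) compares a deployed Bitbucket version against the ranges exactly as the advisory states them, inclusive at both ends, and returns the update target the advisory names for that range.

```python
"""Check a Bitbucket Server / Data Center version against the affected ranges
in this advisory (CVE-2022-36804). Added example; ranges are copied from the
advisory text as written, with both bounds treated as inclusive."""

# (lower, upper) inclusive, exactly as listed in the advisory
AFFECTED_RANGES = [
    ("7.0.0", "7.6.17"),
    ("7.7.0", "7.17.10"),
    ("7.18.0", "7.21.4"),
    ("8.0.0", "8.0.3"),
    ("8.1.0", "8.1.3"),
    ("8.2.0", "8.2.2"),
    ("8.3.0", "8.3.1"),
]


def parse_version(s):
    """'7.21.4' -> (7, 21, 4); short strings are padded so '8.0' == '8.0.0'."""
    parts = s.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {s!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def affected_range(version):
    """Return the (lower, upper) range the version falls in, or None."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        # tuple comparison is numeric per component, so 7.17.10 > 7.17.9
        if parse_version(lo) <= v <= parse_version(hi):
            return (lo, hi)
    return None


def recommendation(version):
    """One-line verdict: the advisory's update target for the matching range,
    or a note that the version is outside every listed range."""
    rng = affected_range(version)
    if rng is None:
        return f"{version}: not in any affected range listed in the advisory"
    lo, hi = rng
    return f"{version}: in affected range {lo}-{hi}; update to {hi} or later"


if __name__ == "__main__":
    # constructed sample inventory, not real hosts
    for v in ("7.6.16", "7.21.3", "8.0", "8.3.2", "6.10.0"):
        print(recommendation(v))
```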

Exploit
Fix

Weakness Enumeration
Argument Injection
OS Command Injection

Related Identifiers
BDU:2022-05364
CVE-2022-36804

Affected Products
Bitbucket
Bitbucket Server