← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-36804 — Actively Exploited: Bitbucket Server and Data Center (Atlassian)

Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.

CVE IDCVE-2022-36804
VendorAtlassian
ProductBitbucket Server and Data Center
Vulnerability nameAtlassian Bitbucket Server and Data Center Command Injection Vulnerability
Date added2022-09-30
Remediation due2022-10-21
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionMultiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →