CVE-2022-36804 — Actively Exploited: Bitbucket Server and Data Center (Atlassian)
Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.
| CVE ID | CVE-2022-36804 |
|---|---|
| Vendor | Atlassian |
| Product | Bitbucket Server and Data Center |
| Vulnerability name | Atlassian Bitbucket Server and Data Center Command Injection Vulnerability |
| Date added | 2022-09-30 |
| Remediation due | 2022-10-21 |
| Known ransomware use | Unknown |
| Required action | Apply updates per vendor instructions. |
| Description | Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →