There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.
History

Wed, 02 Oct 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: atlassian

Published: 2022-11-17T00:00:01.210Z

Updated: 2024-10-02T14:56:09.693Z

Reserved: 2022-10-26T14:49:11.114Z

Link: CVE-2022-43781

cve-icon Vulnrichment

Updated: 2024-08-03T13:40:06.623Z

cve-icon NVD

Status : Modified

Published: 2022-11-17T00:15:18.483

Modified: 2024-10-02T15:35:02.723

Link: CVE-2022-43781

cve-icon Redhat

No data.