CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://confluence.atlassian.com/x/Y4hXRg	Mitigation Release Notes Vendor Advisory
https://jira.atlassian.com/browse/BSERV-13522	Issue Tracking Patch Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:atlassian:bitbucket::::::::
	cpe:2.3:a:atlassian:bitbucket::::::::
	cpe:2.3:a:atlassian:bitbucket::::::::
	cpe:2.3:a:atlassian:bitbucket::::::::
	cpe:2.3:a:atlassian:bitbucket::::::::
	cpe:2.3:a:atlassian:bitbucket::::::::
	cpe:2.3:a:atlassian:bitbucket::::::::
	cpe:2.3:a:atlassian:bitbucket::::::::

Information

Published : 2022-11-16 16:15

Updated : 2022-11-18 10:51

NVD link : CVE-2022-43781

Mitre link : CVE-2022-43781

JSON object : View

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Advertisement

Products Affected

atlassian

bitbucket

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://confluence.atlassian.com/x/Y4hXRg", "name": "https://confluence.atlassian.com/x/Y4hXRg", "tags": ["Mitigation", "Release Notes", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://jira.atlassian.com/browse/BSERV-13522", "name": "https://jira.atlassian.com/browse/BSERV-13522", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled \u201cAllow public signup\u201d."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-77"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-43781", "ASSIGNER": "security@atlassian.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2022-11-17T00:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.4.2", "versionStartIncluding": "8.4.0"}, {"cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.6.19", "versionStartIncluding": "7.0.0"}, {"cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.17.12", "versionStartIncluding": "7.7.0"}, {"cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "7.21.6", "versionStartIncluding": "7.18.0"}, {"cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.1.5", "versionStartIncluding": "8.1.0"}, {"cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.4", "versionStartIncluding": "8.2.0"}, {"cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.3.3", "versionStartIncluding": "8.3.0"}, {"cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.0.5", "versionStartIncluding": "7.22.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-11-18T18:51Z"}