DETECTION OVERVIEW

Atlassian Bitbucket Server and Data Center Exploit - CVE-2022-36804

Risk Factors

An attacker with network access to a vulnerable device can leverage public exploit code or attack tools to access server data. Depending on the data accessed, the impact can be significant if important data is stolen, modified, or deleted.

Kill Chain

Exploitation

Risk Score

Attack Background

Atlassian Bitbucket is a Git management tool that enables users to create repositories to store files. Bitbucket has a vulnerability in how it sanitizes HTTP requests with null bytes, which enables command injection. An unauthenticated user with read access to a public repository or an authenticated user with read access to a private repository can exploit this vulnerability to run shell commands on the Atlassian server. The attacker sends a malicious HTTP request with URL-encoded null bytes (%00) followed by an argument (--exec), command, and null bytes followed by an argument (--remote).

Mitigation Options

Upgrade to Bitbucket Server and Data Center 7.6.17, 7.17.10, 17.21.4, 8.0.3, 8.1.3, 8.2.2, or 8.3.1

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases