Command injection vulnerability in Atlassian Bitbucket Server - CVE-2022-36804 (Mac OS)
ID: oval:org.secpod.oval:def:84591 | Date: (C)2022-09-28 (M)2023-08-16
Class: VULNERABILITY | Family: macos
The host is installed with Atlassian Bitbucket Server 7.0.0 before 7.6.17, 7.7.0 before 7.17.10, 7.18.0 before 7.21.4, 8.0.0 before 8.0.3, 8.1.0 before 8.1.3, 8.2.0 before 8.2.2, or 8.3.0 before 8.3.1 and is prone to a command injection vulnerability. The flaw is present in multiple API endpoints of the application. Successful exploitation allows a remote attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.
Platform:
Apple Mac OS X 10.15
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Apple Mac OS X 10.13
Apple Mac OS X 10.14
Apple Mac OS 11
Apple Mac OS 12
Product:
Atlassian Bitbucket Server