Unrated severityNVD Advisory· Published Nov 17, 2022· Updated Oct 2, 2024

CVE-2022-43781

Description

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.

Affected products

Atlassian/Bitbucket Data Centerv5
Range: before 7.17.12
Atlassian/Bitbucket Servercpe-rescue
Range: before 7.17.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

confluence.atlassian.com/x/Y4hXRgmitre
jira.atlassian.com/browse/BSERV-13522mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.070
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000