Critical severity9.8NVD Advisory· Published Nov 17, 2022· Updated Jun 17, 2026
CVE-2022-43781
CVE-2022-43781
Description
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5(expand)+ 1 more
- (no CPE)
- (no CPE)range: before 7.17.12
- Range: before 7.17.12
Patches
Vulnerability mechanics
References
2- jira.atlassian.com/browse/BSERV-13522nvdIssue TrackingPatchVendor Advisory
- confluence.atlassian.com/x/Y4hXRgnvdMitigationRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.