CVE-2022-43781

Description from NVD

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.

Information Acquisition Date:2022-11-21T14:51Z
CVSS 2.0: 0.0 None CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://confluence.atlassian.com/x/Y4hXRg
     source:MISC
     tags:Mitigation    Release Notes    Vendor Advisory    
 https://jira.atlassian.com/browse/BSERV-13522
     source:MISC
     tags:Issue Tracking    Patch    Vendor Advisory    

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Windows(1 tweets) Wordpress(1 tweets) iOS(3 tweets)



List of frequently cited URLs

URLNum of Times Referred to
https://cvetrends.com49
https://thehackernews.com/2022/11/atlassian-releases-patche...11
https://petrusviet.medium.com/cve-2022-43781-32bc29de89606
https://securityonline.info/cve-2022-43781-critical-bitbuck...5
https://noticiasseguridad.com/vulnerabilidades/cve-2022-437...5
https://twitter.com/VietPetrus/status/15938585108060569604

▼ Show Information from Twitter(125)


List of frequently cited URLs

URLNum of Times Referred to
cvetrends.com49
thehackernews.com11
petrusviet.medium.com6
securityonline.info5
noticiasseguridad.com5
twitter.com4

▼ Show Information from Twitter(125)


GitHub Search Results: Up to 10
NameURL
No Data

GitHub Search Results: Up to 10
NameURL
No Data

2022/12/02 Score : 2
Added Har-sia Database : 2022/11/17
Last Modified : 2022/12/02
Highest Scored Date : 2022/11/19
Highest Score : 32