There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be exploited without authentication if the Bitbucket Server and Data Center instance has “Allow public signup” enabled.
History
Wed, 02 Oct 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2022-11-17T00:00:01.210Z
Updated: 2024-10-02T14:56:09.693Z
Reserved: 2022-10-26T14:49:11.114Z
Link: CVE-2022-43781
Vulnrichment
Updated: 2024-08-03T13:40:06.623Z
NVD
Status: Modified
Published: 2022-11-17T00:15:18.483
Modified: 2024-11-21T07:27:14.543
Link: CVE-2022-43781
Redhat
No data.