The Hacker News reports that Atlassian has issued fixes for critical security vulnerabilities in its Bitbucket Server, Crowd, and Data Center offerings.
Atlassian Bitbucket Server and Data Center versions 7.0 to 7.21 and 8.0 to 8.4 with mesh.enabled set to false are affected by CVE-2022-43781, a command injection flaw that could enable code execution.
Disabling the "Public Signup" option could curb exploitation of the flaw as a temporary workaround, according to Atlassian.
"ADMIN or SYS_ADMIN authenticated users still have the ability to exploit the vulnerability when public signup is disabled," Atlassian noted.
Meanwhile, Crowd Server and Data Center products are affected by the second bug, CVE-2022-43782, a misconfiguration that could allow privileged API endpoints to be invoked as long as the attacker connects from an IP address included in the Remote Access configuration. Immediate patching of both flaws has been recommended, as exploitation of Atlassian and Bitbucket flaws has been prevalent.
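The brief gives everything needed for a quick inventory check against CVE-2022-43781: the affected version ranges, the mesh.enabled condition, and the fact that disabling Public Signup is only a partial workaround. The following is an added example written for this page, not code from SC Media, The Hacker News or Atlassian; the instance fields and the status labels are assumptions, and the check compares major.minor only because that is the granularity the brief states (the exact fixed patch releases must be taken from Atlassian's advisory).

```python
from dataclasses import dataclass

# Affected Bitbucket Server / Data Center ranges for CVE-2022-43781 as stated
# in the brief (inclusive). Only major.minor is given there, so that is all
# this check compares; confirm exact fixed releases against Atlassian's advisory.
AFFECTED_RANGES = [((7, 0), (7, 21)), ((8, 0), (8, 4))]


def parse_version(version: str) -> tuple[int, int]:
    """Return (major, minor) from a version string such as '8.3.1'."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        raise ValueError(f"unrecognised version string: {version!r}")
    return int(parts[0]), int(parts[1])


def version_in_affected_range(version: str) -> bool:
    """True if major.minor falls inside any affected range (tuple comparison)."""
    major_minor = parse_version(version)
    return any(low <= major_minor <= high for low, high in AFFECTED_RANGES)


@dataclass
class BitbucketInstance:
    """Hypothetical inventory record; field names are assumptions."""
    version: str
    mesh_enabled: bool    # value of mesh.enabled on the instance
    public_signup: bool   # whether the Public Signup option is still on


def assess(instance: BitbucketInstance) -> str:
    """Classify exposure to CVE-2022-43781 using only the conditions in the brief."""
    if not version_in_affected_range(instance.version):
        return "not-affected"
    if instance.mesh_enabled:
        # The brief lists only deployments with mesh.enabled=false as impacted.
        return "not-affected"
    if instance.public_signup:
        # Affected version, no workaround: anyone able to self-register can reach it.
        return "vulnerable-workaround-missing"
    # Workaround applied, but per Atlassian ADMIN/SYS_ADMIN users can still
    # exploit the flaw, so this still needs the patch.
    return "vulnerable-admin-only"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for inst in [BitbucketInstance("8.3.1", False, True),
                 BitbucketInstance("7.21.0", False, False),
                 BitbucketInstance("8.5.0", False, True)]:
        print(inst.version, assess(inst))
```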
Critical Atlassian vulnerabilities addressed