Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-36804


Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.


Published

2022-08-25T06:15:09.077

Last Modified

2025-02-09T20:50:44.560

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses
  • Type: Primary
    CWE-78
    CWE-88
  • Type: Secondary
    CWE-78
    CWE-88

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application atlassian bitbucket < 7.6.17 Yes
Application atlassian bitbucket < 7.17.10 Yes
Application atlassian bitbucket < 7.21.4 Yes
Application atlassian bitbucket < 8.0.3 Yes
Application atlassian bitbucket < 8.1.3 Yes
Application atlassian bitbucket < 8.2.2 Yes
Application atlassian bitbucket 8.3.0 Yes

References