Disclosure Date 2022/11/16

CVE-2022-43781

Remote code execution in Atlassian BitBucket

Atlassian BitbucketにおけるRCE (Remote Code Execution)

Credit

RyotaK

Description

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution and execute code on the system.

Back