admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2022/CVE-2022-43781.md

19 lines
964 B
Markdown
Raw Permalink Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2022-43781](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43781)
![](https://img.shields.io/static/v1?label=Product&message=Bitbucket%20Data%20Center&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Bitbucket%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=!%20before%207.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=RCE%20(Remote%20Code%20Execution)&color=brighgreen)
### Description
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
Reference in New Issue Copy Permalink