cvelist/2022/26xxx/CVE-2022-26133.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@atlassian.com",
        "DATE_PUBLIC": "2022-03-24T23:00:00",
        "ID": "CVE-2022-26133",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Bitbucket Data Center",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "5.14.0",
                                            "version_affected": ">="
                                        },
                                        {
                                            "version_value": "7.6.14",
                                            "version_affected": "<"
                                        },
                                        {
                                            "version_value": "7.7.0",
                                            "version_affected": ">="
                                        },
                                        {
                                            "version_value": "7.17.6",
                                            "version_affected": "<"
                                        },
                                        {
                                            "version_value": "7.18.0",
                                            "version_affected": ">="
                                        },
                                        {
                                            "version_value": "7.18.4",
                                            "version_affected": "<"
                                        },
                                        {
                                            "version_value": "7.19.0",
                                            "version_affected": ">="
                                        },
                                        {
                                            "version_value": "7.19.4",
                                            "version_affected": "<"
                                        },
                                        {
                                            "version_value": "7.20.0",
                                            "version_affected": "="
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Atlassian"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Deserialization of untrusted data"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "url": "https://jira.atlassian.com/browse/BSERV-13173",
                "refsource": "MISC",
                "name": "https://jira.atlassian.com/browse/BSERV-13173"
            },
            {
                "url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html",
                "refsource": "MISC",
                "name": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"
            }
        ]
    }
}
"-Synchronized-Data." 2022-02-26 00:01:16 +00:00			`{`
			`"CVE_data_meta": {`
CVE-2022-26133: java deserialization in Bitbucket Data Center 2022-04-20 14:25:45 -04:00			`"ASSIGNER": "security@atlassian.com",`
			`"DATE_PUBLIC": "2022-03-24T23:00:00",`
"-Synchronized-Data." 2022-02-26 00:01:16 +00:00			`"ID": "CVE-2022-26133",`
CVE-2022-26133: java deserialization in Bitbucket Data Center 2022-04-20 14:25:45 -04:00			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Bitbucket Data Center",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "5.14.0",`
			`"version_affected": ">="`
			`},`
			`{`
			`"version_value": "7.6.14",`
			`"version_affected": "<"`
			`},`
			`{`
			`"version_value": "7.7.0",`
			`"version_affected": ">="`
			`},`
			`{`
			`"version_value": "7.17.6",`
			`"version_affected": "<"`
			`},`
			`{`
			`"version_value": "7.18.0",`
			`"version_affected": ">="`
			`},`
			`{`
			`"version_value": "7.18.4",`
			`"version_affected": "<"`
			`},`
			`{`
			`"version_value": "7.19.0",`
			`"version_affected": ">="`
			`},`
			`{`
			`"version_value": "7.19.4",`
			`"version_affected": "<"`
			`},`
			`{`
			`"version_value": "7.20.0",`
			`"version_affected": "="`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Atlassian"`
			`}`
			`]`
			`}`
"-Synchronized-Data." 2022-02-26 00:01:16 +00:00			`},`
CVE-2022-26133: java deserialization in Bitbucket Data Center 2022-04-20 14:25:45 -04:00			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2022-02-26 00:01:16 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
CVE-2022-26133: java deserialization in Bitbucket Data Center 2022-04-20 14:25:45 -04:00			`"value": "SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization."`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Deserialization of untrusted data"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2022-04-20 19:01:35 +00:00			`"url": "https://jira.atlassian.com/browse/BSERV-13173",`
			`"refsource": "MISC",`
			`"name": "https://jira.atlassian.com/browse/BSERV-13173"`
CVE-2022-26133: java deserialization in Bitbucket Data Center 2022-04-20 14:25:45 -04:00			`},`
			`{`
"-Synchronized-Data." 2022-04-20 19:01:35 +00:00			`"url": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html",`
			`"refsource": "MISC",`
			`"name": "https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html"`
"-Synchronized-Data." 2022-02-26 00:01:16 +00:00			`}`
			`]`
			`}`
"-Synchronized-Data." 2022-04-20 19:01:35 +00:00			`}`