CVE-2022-36804: Atlassian Bitbucket Server and Data Center Command

Atlassian Bitbucket Server and Data Center Command Injection Vulnerability. Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.

• CISA KEV-listed (remediation due 2022-10-21)
• EPSS 94.4% (100.0% percentile)

Detection rules

• Atlassian Bitbucket Command Injection Via Archive API high

Browse the CVE database

Read the full analysis on IntelFusions