Vulnerability-Lookup

CVE-2022-36804 (GCVE-0-2022-36804)

Vulnerability from cvelistv5 – Published: 2022-08-25 05:40 – Updated: 2025-10-21 23:15

Summary

Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Remote Code Execution

Assigner

atlassian

References

URL

Tags

	https://jira.atlassian.com/browse/BSERV-13438
	http://packetstormsecurity.com/files/168470/Bitbu…
	http://packetstormsecurity.com/files/171453/Bitbu…

Impacted products

Vendor

Product

Version

Atlassian

Bitbucket Server

Affected: 7.0.0 , < unspecified (custom)
Affected: unspecified , < 7.6.17 (custom)
Affected: 7.7.0 , < unspecified (custom)
Affected: unspecified , < 7.17.10 (custom)
Affected: 7.18.0 , < unspecified (custom)
Affected: unspecified , < 7.21.4 (custom)
Affected: 8.0.0 , < unspecified (custom)
Affected: unspecified , < 8.0.3 (custom)
Affected: 8.1.0 , < unspecified (custom)
Affected: unspecified , < 8.1.3 (custom)
Affected: 8.2.0 , < unspecified (custom)
Affected: unspecified , < 8.2.2 (custom)
Affected: 8.3.0 , < unspecified (custom)
Affected: unspecified , < 8.3.1 (custom)

Atlassian

Bitbucket Data Center

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:14:28.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BSERV-13438"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-36804",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T16:19:10.861167Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-09-30",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-78",
                "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-88",
                "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:36.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-09-30T00:00:00+00:00",
            "value": "CVE-2022-36804 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bitbucket Server",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Bitbucket Data Center",
          "vendor": "Atlassian",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.17",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.17.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.18.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.21.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.3.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-24T00:00:00.000Z",
        "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
        "shortName": "atlassian"
      },
      "references": [
        {
          "url": "https://jira.atlassian.com/browse/BSERV-13438"
        },
        {
          "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66",
    "assignerShortName": "atlassian",
    "cveId": "CVE-2022-36804",
    "datePublished": "2022-08-25T05:40:08.899Z",
    "dateReserved": "2022-07-26T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:36.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2022-36804",
      "cwes": "[\"CWE-78\", \"CWE-88\", \"CWE-158\"]",
      "dateAdded": "2022-09-30",
      "dueDate": "2022-10-21",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://jira.atlassian.com/browse/BSERV-13438;  https://nvd.nist.gov/vuln/detail/CVE-2022-36804",
      "product": "Bitbucket Server and Data Center",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.",
      "vendorProject": "Atlassian",
      "vulnerabilityName": "Atlassian Bitbucket Server and Data Center Command Injection Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"cna\": {\"datePublic\": \"2022-08-24T00:00:00.000Z\", \"providerMetadata\": {\"orgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"shortName\": \"atlassian\", \"dateUpdated\": \"2023-03-24T00:00:00.000Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.\"}], \"affected\": [{\"vendor\": \"Atlassian\", \"product\": \"Bitbucket Server\", \"versions\": [{\"version\": \"7.0.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"7.6.17\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"7.7.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"7.17.10\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"7.18.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"7.21.4\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"8.0.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"8.0.3\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"8.1.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"8.1.3\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"8.2.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"8.2.2\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"8.3.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"8.3.1\", \"status\": \"affected\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Atlassian\", \"product\": \"Bitbucket Data Center\", \"versions\": [{\"version\": \"7.0.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"7.6.17\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"7.7.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"7.17.10\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"7.18.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"7.21.4\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"8.0.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"8.0.3\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"8.1.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"8.1.3\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"8.2.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"8.2.2\", \"status\": \"affected\", \"versionType\": \"custom\"}, {\"version\": \"8.3.0\", \"status\": \"affected\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"version\": \"unspecified\", \"lessThan\": \"8.3.1\", \"status\": \"affected\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://jira.atlassian.com/browse/BSERV-13438\"}, {\"url\": \"http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html\"}, {\"url\": \"http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html\"}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"text\", \"lang\": \"en\", \"description\": \"Remote Code Execution\"}]}]}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T10:14:28.471Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://jira.atlassian.com/browse/BSERV-13438\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html\", \"tags\": [\"x_transferred\"]}]}, {\"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-36804\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T16:19:10.861167Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-09-30\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804\"}}}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-88\", \"description\": \"CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T16:18:53.058Z\"}, \"timeline\": [{\"time\": \"2022-09-30T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2022-36804 added to CISA KEV\"}], \"title\": \"CISA ADP Vulnrichment\"}]}",
      "cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2022-36804\", \"assignerOrgId\": \"f08a6ab8-ed46-4c22-8884-d911ccfe3c66\", \"assignerShortName\": \"atlassian\", \"dateUpdated\": \"2025-10-21T19:45:59.972Z\", \"dateReserved\": \"2022-07-26T00:00:00.000Z\", \"datePublished\": \"2022-08-25T05:40:08.899Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2022-36804

Vulnerability from fkie_nvd - Published: 2022-08-25 06:15 - Updated: 2025-10-24 13:37

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@atlassian.com	http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html	Exploit, Third Party Advisory, VDB Entry
security@atlassian.com	http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html	Exploit, Third Party Advisory, VDB Entry
security@atlassian.com	https://jira.atlassian.com/browse/BSERV-13438	Issue Tracking, Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://jira.atlassian.com/browse/BSERV-13438	Issue Tracking, Patch, Release Notes, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804	US Government Resource

Impacted products

Vendor	Product	Version
atlassian	bitbucket	*
atlassian	bitbucket	*
atlassian	bitbucket	*
atlassian	bitbucket	*
atlassian	bitbucket	*
atlassian	bitbucket	*
atlassian	bitbucket	8.3.0

JSON

To clipboard

{
  "cisaActionDue": "2022-10-21",
  "cisaExploitAdd": "2022-09-30",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Atlassian Bitbucket Server and Data Center Command Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F27ACB-8092-49D9-B3E6-84202A474E07",
              "versionEndExcluding": "7.6.17",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4841A291-6ED4-46BF-A20D-9B6C580D0848",
              "versionEndExcluding": "7.17.10",
              "versionStartIncluding": "7.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA55F12-AE5A-4EB0-8A9D-F8C931470686",
              "versionEndExcluding": "7.21.4",
              "versionStartIncluding": "7.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF552168-931B-4D5C-8D61-371F00517217",
              "versionEndExcluding": "8.0.3",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "86586513-D050-4522-91EE-E10A2C0D36DA",
              "versionEndExcluding": "8.1.3",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D177223-A7CD-48D7-9AE6-709D769C8466",
              "versionEndExcluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:bitbucket:8.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "067642A5-9F53-4ADC-956B-B2576853A3FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples endpoints de la API en Atlassian Bitbucket Server y Data Center 7.0.0 versiones anteriores a 7.6.17, desde versiones 7.7.0 anteriores a 7.17.10, desde versiones 7.18.0 anteriores a 7.21.4, desde versiones 8.0.0 anteriores a 8.0.3, desde versiones 8.1. 0 versiones anteriores a 8.1.3, y desde versiones 8.2.0 anteriores a 8.2.2, y desde versiones 8.3.0 anteriores a 8.3.1, permite a atacantes remotos con permisos de lectura en un repositorio p\u00fablico o privado de Bitbucket ejecutar c\u00f3digo arbitrario enviando una petici\u00f3n HTTP maliciosa. Esta vulnerabilidad fue reportada por medio de nuestro programa Bug Bounty por TheGrandPew."
    }
  ],
  "id": "CVE-2022-36804",
  "lastModified": "2025-10-24T13:37:44.367",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-08-25T06:15:09.077",
  "references": [
    {
      "source": "security@atlassian.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
    },
    {
      "source": "security@atlassian.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/BSERV-13438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://jira.atlassian.com/browse/BSERV-13438"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804"
    }
  ],
  "sourceIdentifier": "security@atlassian.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        },
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        },
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CNVD-2022-60680

Vulnerability from cnvd - Published: 2022-08-31

Title

Atlassian Bitbucket Server和Data Center命令执行漏洞

Description

Atlassian Bitbucket Server是澳大利亚Atlassian公司的一款Git代码托管解决方案。该方案能够管理并审查代码，具有差异视图、JIRA集成和构建集成等功能。 Atlassian Bitbucket Server和Data Center存在命令执行漏洞，该漏洞是由于多个API端点中的漏洞造成的。通过发送精心编制的HTTP请求，攻击者可利用此漏洞在系统上执行任意命令。

Severity

高

Patch Name

Atlassian Bitbucket Server和Data Center命令执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://jira.atlassian.com/browse/BSERV-13438

Reference

https://cxsecurity.com/cveshow/CVE-2022-36804/

Impacted products

Name
['Atlassian Atlassian Bitbucket Server and Data Center >=7.0.0，<=7.6.17', 'Atlassian Atlassian Bitbucket Server and Data Center >=7.7.0，<=7.17.10', 'Atlassian Atlassian Bitbucket Server and Data Center >=7.18.0，<=7.21.4', 'Atlassian Atlassian Bitbucket Server and Data Center >=8.0.0，<=8.0.3', 'Atlassian Atlassian Bitbucket Server and Data Center >=8.1.0，<=8.1.3', 'Atlassian Atlassian Bitbucket Server and Data Center >=8.2.0，<=8.2.2', 'Atlassian Atlassian Bitbucket Server and Data Center >=8.3.0，<=8.3.1']

Name

['Atlassian Atlassian Bitbucket Server and Data Center >=7.0.0，<=7.6.17', 'Atlassian Atlassian Bitbucket Server and Data Center >=7.7.0，<=7.17.10', 'Atlassian Atlassian Bitbucket Server and Data Center >=7.18.0，<=7.21.4', 'Atlassian Atlassian Bitbucket Server and Data Center >=8.0.0，<=8.0.3', 'Atlassian Atlassian Bitbucket Server and Data Center >=8.1.0，<=8.1.3', 'Atlassian Atlassian Bitbucket Server and Data Center >=8.2.0，<=8.2.2', 'Atlassian Atlassian Bitbucket Server and Data Center >=8.3.0，<=8.3.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-36804"
    }
  },
  "description": "Atlassian Bitbucket Server\u662f\u6fb3\u5927\u5229\u4e9aAtlassian\u516c\u53f8\u7684\u4e00\u6b3eGit\u4ee3\u7801\u6258\u7ba1\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u7ba1\u7406\u5e76\u5ba1\u67e5\u4ee3\u7801\uff0c\u5177\u6709\u5dee\u5f02\u89c6\u56fe\u3001JIRA\u96c6\u6210\u548c\u6784\u5efa\u96c6\u6210\u7b49\u529f\u80fd\u3002\n\nAtlassian Bitbucket Server\u548cData Center\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u591a\u4e2aAPI\u7aef\u70b9\u4e2d\u7684\u6f0f\u6d1e\u9020\u6210\u7684\u3002\u901a\u8fc7\u53d1\u9001\u7cbe\u5fc3\u7f16\u5236\u7684HTTP\u8bf7\u6c42\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://jira.atlassian.com/browse/BSERV-13438",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-60680",
  "openTime": "2022-08-31",
  "patchDescription": "Atlassian Bitbucket Server\u662f\u6fb3\u5927\u5229\u4e9aAtlassian\u516c\u53f8\u7684\u4e00\u6b3eGit\u4ee3\u7801\u6258\u7ba1\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u80fd\u591f\u7ba1\u7406\u5e76\u5ba1\u67e5\u4ee3\u7801\uff0c\u5177\u6709\u5dee\u5f02\u89c6\u56fe\u3001JIRA\u96c6\u6210\u548c\u6784\u5efa\u96c6\u6210\u7b49\u529f\u80fd\u3002\r\n\r\nAtlassian Bitbucket Server\u548cData Center\u5b58\u5728\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8e\u591a\u4e2aAPI\u7aef\u70b9\u4e2d\u7684\u6f0f\u6d1e\u9020\u6210\u7684\u3002\u901a\u8fc7\u53d1\u9001\u7cbe\u5fc3\u7f16\u5236\u7684HTTP\u8bf7\u6c42\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Atlassian Bitbucket Server\u548cData Center\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Atlassian Atlassian Bitbucket Server and Data Center \u003e=7.0.0\uff0c\u003c=7.6.17",
      "Atlassian Atlassian Bitbucket Server and Data Center \u003e=7.7.0\uff0c\u003c=7.17.10",
      "Atlassian Atlassian Bitbucket Server and Data Center \u003e=7.18.0\uff0c\u003c=7.21.4",
      "Atlassian Atlassian Bitbucket Server and Data Center \u003e=8.0.0\uff0c\u003c=8.0.3",
      "Atlassian Atlassian Bitbucket Server and Data Center \u003e=8.1.0\uff0c\u003c=8.1.3",
      "Atlassian Atlassian Bitbucket Server and Data Center \u003e=8.2.0\uff0c\u003c=8.2.2",
      "Atlassian Atlassian Bitbucket Server and Data Center \u003e=8.3.0\uff0c\u003c=8.3.1"
    ]
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2022-36804/",
  "serverity": "\u9ad8",
  "submitTime": "2022-08-31",
  "title": "Atlassian Bitbucket Server\u548cData Center\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"
}

CVE-2022-36804

Vulnerability from fstec - Published: 29.08.2022

Title

Уязвимость интерфейса API инструмента для размещения кода, управления и совместной работы на основе Git Bitbucket Server and Data Center, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость интерфейса API инструмента для размещения кода, управления и совместной работы на основе Git Bitbucket Server and Data Center связана с ошибками при обработке входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально сформированного HTTP-запроса

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Atlassian

Software Name

Bitbucket Server and Data Center

Software Version

от 7.0.0 до 7.6.17 (Bitbucket Server and Data Center), от 7.7.0 до 7.17.10 (Bitbucket Server and Data Center), от 7.18.0 до 7.21.4 (Bitbucket Server and Data Center), от 8.0.0 до 8.0.3 (Bitbucket Server and Data Center), от 8.1.0 до 8.1.3 (Bitbucket Server and Data Center), от 8.2.0 до 8.2.2 (Bitbucket Server and Data Center), от 8.3.0 до 8.3.1 (Bitbucket Server and Data Center)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - отключение обедоступных репозиториев, для этого установите параметр feature.public.access=false; - использование средств межсетевого экранирования уровня веб-приложений; - применение систем обнаружения и предотвращения вторжений. Использование рекомендаций производителя: https://jira.atlassian.com/browse/BSERV-13438

Reference

https://jira.atlassian.com/browse/BSERV-13438 http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html

CWE

CWE-78

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Atlassian",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 7.0.0 \u0434\u043e 7.6.17 (Bitbucket Server and Data Center), \u043e\u0442 7.7.0 \u0434\u043e 7.17.10 (Bitbucket Server and Data Center), \u043e\u0442 7.18.0 \u0434\u043e 7.21.4 (Bitbucket Server and Data Center), \u043e\u0442 8.0.0 \u0434\u043e 8.0.3 (Bitbucket Server and Data Center), \u043e\u0442 8.1.0 \u0434\u043e 8.1.3 (Bitbucket Server and Data Center), \u043e\u0442 8.2.0 \u0434\u043e 8.2.2 (Bitbucket Server and Data Center), \u043e\u0442 8.3.0 \u0434\u043e 8.3.1 (Bitbucket Server and Data Center)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043e\u0431\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0435\u0432, \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0435 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 feature.public.access=false;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0440\u043e\u0432\u043d\u044f \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://jira.atlassian.com/browse/BSERV-13438",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.08.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "29.08.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05364",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-36804",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Bitbucket Server and Data Center",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 API \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Git Bitbucket Server and Data Center, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 API \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0434\u043b\u044f \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430, \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438 \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e\u0439 \u0440\u0430\u0431\u043e\u0442\u044b \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 Git Bitbucket Server and Data Center \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434  \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://jira.atlassian.com/browse/BSERV-13438\nhttp://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

GHSA-VCM2-J8F4-M7FJ

Vulnerability from github – Published: 2022-08-26 00:03 – Updated: 2025-10-22 00:32

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-36804"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-25T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.",
  "id": "GHSA-vcm2-j8f4-m7fj",
  "modified": "2025-10-22T00:32:35Z",
  "published": "2022-08-26T00:03:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36804"
    },
    {
      "type": "WEB",
      "url": "https://jira.atlassian.com/browse/BSERV-13438"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-36804"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2022-36804

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-36804

Aliases

CVE-2022-36804

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-36804",
    "description": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.",
    "id": "GSD-2022-36804"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-36804"
      ],
      "details": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.",
      "id": "GSD-2022-36804",
      "modified": "2023-12-13T01:19:21.544348Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@atlassian.com",
        "DATE_PUBLIC": "2022-08-24T00:00:00",
        "ID": "CVE-2022-36804",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Bitbucket Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003e=",
                          "version_value": "7.0.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.6.17"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "7.7.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.17.10"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "7.18.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.21.4"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "8.0.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.0.3"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "8.1.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.1.3"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "8.2.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.2.2"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "8.3.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.3.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Bitbucket Data Center",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003e=",
                          "version_value": "7.0.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.6.17"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "7.7.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.17.10"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "7.18.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.21.4"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "8.0.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.0.3"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "8.1.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.1.3"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "8.2.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.2.2"
                        },
                        {
                          "version_affected": "\u003e=",
                          "version_value": "8.3.0"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.3.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Atlassian"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://jira.atlassian.com/browse/BSERV-13438",
            "refsource": "MISC",
            "url": "https://jira.atlassian.com/browse/BSERV-13438"
          },
          {
            "name": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:8.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.2.2",
                "versionStartIncluding": "8.2.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.1.3",
                "versionStartIncluding": "8.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.0.3",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.6.17",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.17.10",
                "versionStartIncluding": "7.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.21.4",
                "versionStartIncluding": "7.18.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@atlassian.com",
          "ID": "CVE-2022-36804"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.atlassian.com/browse/BSERV-13438",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://jira.atlassian.com/browse/BSERV-13438"
            },
            {
              "name": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/171453/Bitbucket-7.0.0-Remote-Command-Execution.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-24T19:15Z",
      "publishedDate": "2022-08-25T06:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-36804 (GCVE-0-2022-36804)

FKIE_CVE-2022-36804

CNVD-2022-60680

CVE-2022-36804

GHSA-VCM2-J8F4-M7FJ

GSD-2022-36804

Tags

Sightings

Nomenclature