Bitbucket Server & Data Center - Critical severity command injection vulnerability - CVE-2022-36804

This advisory is a critical severity security vulnerability that was introduced in version 7.0.0 of Bitbucket Server and Data Center. All versions released after 6.10.17 including 7.0.0 and newer are affected. This means that all instances that are running any versions between 7.0.0 and 8.3.0 inclusive are affected by this vulnerability.

Bitbucket Cloud is not affected.

The goal of this article is to help raise awareness for this critical vulnerability and to provide you a means to ask further questions about this in Community if needed. Please review the complete advisory and the FAQ page for details on follow-up actions.

Additional information:

• Customers with active licenses above the 10 user starter licenses can create support requests by visiting https://support.atlassian.com/contact/ Please note that you will be prompted to input your SEN number on this form

• Starter license customers can only receive technical support here in the Community per our support offerings.

• Should you have any additional questions about this vulnerability or upgrading Bitbucket in regards to this, please use this link to create a new question in Community in regards to this topic.