Bitbucket Server & Data Center - Critical severity command injection vulnerability - CVE-2022-36804

This advisory covers a critical severity security vulnerability that was introduced in version 7.0.0 of Bitbucket Server and Data Center. All versions released after 6.10.17, including 7.0.0 and newer, are affected. This means that all instances running any version between 7.0.0 and 8.3.0 inclusive are affected by this vulnerability.

Bitbucket Cloud is not affected.

The goal of this article is to help raise awareness of this critical vulnerability and to provide you with a means to ask further questions about it in Community if needed. Please review the complete advisory and the FAQ page for details on follow-up actions.

Additional information:

3 comments

Dave Liao
Community Leader
August 24, 2022

@Earl McCutcheon - thank you brave potato!*

* at the time of this comment, your avatar was a cute potato 🤣

RBS March 10, 2023

CVE-2022-36804 not 3680.

Dave Liao
Community Leader
March 10, 2023

@RBS - good catch!

@Earl McCutcheon - FYI, I renamed this article from

Bitbucket Server and Data Center - Critical severity command injection vulnerability - CVE-2022-3680

to

Bitbucket Server & Data Center - Critical severity command injection vulnerability - CVE-2022-36804

Had no idea there were article title limits on Community, but there you go. 🙃
