CVSS: 10.0EPSS: 91%CPEs: 8EXPL: 1CVE-2022-43781 – Bitbucket Environment Variable Remote Command Injection
https://notcve.org/view.php?id=CVE-2022-43781
17 Nov 2022 — There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”. Existe una vulnerabilidad de inyección de comandos mediante variables de entorno en Bitbucket Server y Data Center. Un atacante con permiso para controlar su no... • https://packetstorm.news/files/id/171369 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 94%CPEs: 7EXPL: 22CVE-2022-36804 – Atlassian Bitbucket Server and Data Center Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-36804
25 Aug 2022 — Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnera... • https://packetstorm.news/files/id/171453 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •