logo
Vulnerability feed
Contributors
About
Blog
CONTRIBUTE

Vulnerability

warn

CVE-2022-36804

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2022-36804

Description:
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
Last updated date:
03/24/2023

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
09/30/2022
Reference url to background

https://twitter.com/Shadowserver/status/1573300004072132608

Type:
exploitation
Confidence:
HIGH
Date of publishing:
09/30/2022
Reference url to background

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/03/2022
Reference url to background

https://github.com/cryptolakk/CVE-2022-36804-RCE

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/04/2022
Reference url to background

https://github.com/CEOrbey/CVE-2022-36804-POC

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/07/2022
Reference url to background

https://github.com/notdls/CVE-2022-36804

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/10/2022
Reference url to background

https://github.com/CEOrbey/CVE-2022-36804-MASS-RCE

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/19/2022
Reference url to background

https://github.com/notxesh/CVE-2022-36804-PoC

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/20/2022
Reference url to background

https://github.com/BenHays142/CVE-2022-36804-PoC-Exploit

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/20/2022
Reference url to background

https://github.com/Vulnmachines/bitbucket-cve-2022-36804

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/21/2022
Reference url to background

https://github.com/kljunowsky/CVE-2022-36804-POC

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/21/2022
Reference url to background

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/bitbucket_git_cmd_injection.rb

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/23/2022
Reference url to background

https://github.com/trhacknon/CVE-2022-36804-ReverseShell

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/25/2022
Reference url to background

https://github.com/tahtaciburak/cve-2022-36804

Type:
exploit
Confidence:
HIGH
Date of publishing:
09/26/2022
Reference url to background

https://github.com/Inplex-sys/CVE-2022-36804

Type:
exploit
Confidence:
HIGH
Date of publishing:
10/01/2022
Reference url to background

http://packetstormsecurity.com/files/168470/Bitbucket-Git-Command-Injection.html

Type:
exploit
Confidence:
HIGH
Date of publishing:
10/04/2022
Reference url to background

https://github.com/ColdFusionX/CVE-2022-36804

Type:
exploit
Confidence:
HIGH
Date of publishing:
01/23/2023
Reference url to background

https://github.com/walnutsecurity/cve-2022-36804

Vulnerability FeedContributorsAboutBlog

@inTheWild

©2023

Privacy Policy