QID 520012
Date Published: 2023-12-13
QID 520012: Atlassian Bitbucket Data Center and Server Remote Code Execution (CVE-2022-1471)
Bitbucket is a Git-based source code repository hosting service owned by Atlassian.
Multiple Atlassian Data Center and Server Products use the SnakeYAML library for Java, which is susceptible to a deserialization flaw that can lead to RCE (Remote Code Execution).
Affected versions:
- Atlassian Bitbucket Server and Data Center versions 7.17.0 to 7.20.3
- Atlassian Bitbucket Server and Data Center versions 7.21.0 to 7.21.15
- Atlassian Bitbucket Server and Data Center versions 8.0.0 to 8.7.5
- Atlassian Bitbucket Server and Data Center versions 8.8.0 to 8.8.6
- Atlassian Bitbucket Server and Data Center versions 8.9.0 to 8.9.3
- Atlassian Bitbucket Server and Data Center versions 8.10.0 to 8.10.3
- Atlassian Bitbucket Server and Data Center versions 8.11.0 to 8.11.2
- Atlassian Bitbucket Server and Data Center version 8.12.0
QID Detection Logic (Unauthenticated):
It checks for a vulnerable version of Atlassian Bitbucket Server.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the target system.
- BSERV-14528 - jira.atlassian.com/browse/BSERV-14528
CVEs related to QID 520012
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| BSERV-14528 | | | |