QID 520012
Date Published: 2023-12-13
QID 520012: Atlassian Bitbucket Data Center and Server Remote Code Execution (CVE-2022-1471)
Bitbucket is a Git-based source code repository hosting service owned by Atlassian.
Multiple Atlassian Data Center and Server Products use the SnakeYAML library for Java, which is susceptible to a deserialization flaw that can lead to RCE (Remote Code Execution).
Affected versions :
Atlassian Bitbucket Server and Data Center version from 7.17.0 to version 7.20.3
Atlassian Bitbucket Server and Data Center version from 7.21.0 to version 7.21.15
Atlassian Bitbucket Server and Data Center version from 8.0.0 to Version 8.7.5
Atlassian Bitbucket Server and Data Center version from 8.8.0 to Version 8.8.6
Atlassian Bitbucket Server and Data Center version from 8.9.0 to Version 8.9.3
Atlassian Bitbucket Server and Data Center version from 8.10.0 to Version 8.10.3
Atlassian Bitbucket Server and Data Center version from 8.11.0 to Version 8.11.2
Atlassian Bitbucket Server and Data Center version 8.12.0
QID Detection Logic:(Unauthenticated):
It checks for vulnerable version of Atlassian Bitbucket Server.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the target system.
- BSERV-14528 -
jira.atlassian.com/browse/BSERV-14528
CVEs related to QID 520012
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| BSERV-14528 |
jira.atlassian.com/browse/BSERV-14528 |