
Patch now! Attacks on Atlassian Bitbucket Server


Security researchers and a US security agency warn that attackers are targeting Bitbucket Server.

Attackers are currently exploiting a vulnerability classified as "critical" in Atlassian Bitbucket Server. The vulnerability also affects Bitbucket Data Center. Cloud access via bitbucket.org is not affected. The extent of the attacks is currently unknown.


Software developers can use the Bitbucket online service to implement version management for their software projects. If an attack succeeds, attackers could push malicious code onto systems and execute it, and such systems are generally considered to be completely compromised. Security researchers are warning of the attacks, for example on Twitter. The US security authority Cybersecurity & Infrastructure Security Agency (CISA) also advises admins to close the vulnerability (CVE-2022-36804) quickly.

The vulnerability has been known since the end of August 2022. As a prerequisite, attackers need access to a public Bitbucket repository. If they have it, they can initiate attacks by sending crafted HTTP requests. Attacks are possible starting with version 6.10.17 of Bitbucket Server and Bitbucket Data Center. The following versions are secured against the attacks:

  • Bitbucket Server and Bitbucket Data Center from 7.6.17 (LTS)
  • Bitbucket Server and Bitbucket Data Center from 7.17.10 (LTS)
  • Bitbucket Server and Bitbucket Data Center from 7.21.4 (LTS)
  • Bitbucket Server and Bitbucket Data Center 8.0.3 or later
  • Bitbucket Server and Bitbucket Data Center 8.1.3 or later
  • Bitbucket Server and Bitbucket Data Center 8.2.2 or later
  • Bitbucket Server and Bitbucket Data Center 8.3.1 or later

If the security update cannot be installed immediately, admins should block access to public repositories by setting feature.public.access=false until they can install the security patch.
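For checking an inventory of instances against the version list and the temporary workaround above, the following added example (not part of the original article or Atlassian's tooling) classifies a version string together with the text of the instance's properties file. It assumes each list entry is the first fixed release on its minor line, that release lines newer than 8.3 already contain the fix, and that the property is written in plain `key=value` form; the function names are hypothetical.

```python
import re

# First fixed release per minor line, taken from the list above.
FIXED = {(7, 6): 17, (7, 17): 10, (7, 21): 4,
         (8, 0): 3, (8, 1): 3, (8, 2): 2, (8, 3): 1}
FIRST_AFFECTED = (6, 10, 17)   # article: attacks possible starting with 6.10.17
NEWEST_LINE = max(FIXED)       # (8, 3)


def parse_version(text):
    """Turn '7.21.3' into (7, 21, 3); reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def public_access_disabled(properties_text):
    """True if the last uncommented feature.public.access entry is 'false'."""
    value = None
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue  # comment, blank line, or not key=value
        key, _, val = line.partition("=")
        if key.strip() == "feature.public.access":
            value = val.strip().lower()  # later entries override earlier ones
    return value == "false"


def assess(version_text, properties_text=""):
    """Return 'not-affected', 'patched', 'mitigated' or 'vulnerable'."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return "not-affected"
    line = v[:2]
    if line > NEWEST_LINE:   # assumption: lines after 8.3 ship with the fix
        return "patched"
    if line in FIXED and v[2] >= FIXED[line]:
        return "patched"
    # Unpatched listed line, or a line for which no fixed release is listed.
    return "mitigated" if public_access_disabled(properties_text) else "vulnerable"
```

An instance reported as `mitigated` still needs the update; the setting only closes public repository access until the patch is installed.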
