Skip to main content

Critical vulnerability in atlassian CVE-2022-43781 and CVE-2022-43782 in Bitbucket Server and Data Center

By TechNewsCentre


Atlassian Corporation is an Australian software company that develops products for software developers, project managers and other software development teams. The company is domiciled in Delaware, with global headquarters in Sydney, Australia, and US headquarters in San Francisco.
Recently atlassian fixed CVE-2022-43781 which affect Bitbucket server and datacenter. it is a command injection vulnerability. There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution and execute code on the system.All versions of Bitbucket Server and Data Center from 7.0 to 7.21 are affected by this vulnerability. Versions 8.0 to 8.4 of Bitbucket Server and Data Center are also affected by this vulnerability if mesh.enabled=false is set in bitbucket.properties.
This advisory discloses a critical-severity security misconfiguration vulnerability, which was introduced in Crowd 3.0.0. All versions released after 3.0.0 are affected but only if both of the following conditions are met:

    the vulnerability concerns only new installations of affected versions: if you upgraded from an earlier version, for example version 2.9.1, to version 3.0.0 or later, your instance is not affected.

        A new installation is defined by an instance of Crowd that is the same version that you originally downloaded from the downloads page and has not been upgraded since

    an IP address has been added to the Remote Address configuration of the crowd application (which is none by default in versions after 3.0.0)

The vulnerability allows an attacker connecting from IP in the allow list to authenticate as the crowd application through bypassing a password check. This would allow the attacker to call privileged endpoints in Crowd's REST API under the usermanagement path. As explained above, it can only be exploited by IPs specified under the crowd application’s allowlist in the Remote Addresses configuration. To remediate the vulnerability, Atlassian recommends that you upgrade your instance to one of the fixed versions listed in the ‘Fixed Versions' section below.

Comments

Post a Comment

Popular posts from this blog

Unleashing Chaos: Craxs Rat Update V5 Introduces Terrifying New Features

By TechNewsCentre
The notorious Craxs Rat malware has recently unleashed its latest version, Update V5, introducing a range of new features and enhancements. This update further strengthens the capabilities of Craxs Rat, posing an increased threat to individuals and organizations alike. In this article, we delve into the details of the updated features of Craxs Rat V5, shedding light on its improved functionality and potential impact on cybersecurity.
Post a Comment
Read more

Prilex: The Most Advanced PoS Malware with the Ability to Block Contactless Payments

By TechNewsCentre
Prilex is a highly advanced malware that has evolved from ATM-focused malware into a unique modular PoS malware, known to be the most advanced PoS threat seen so far. It has a unique cryptographic scheme, performs real-time patching in target software, forces protocol downgrades, manipulates cryptograms, performs GHOST transactions and performs credit card fraud. Recently, three new versions of Prilex have been discovered with the ability to block contactless payment transactions, which have become popular due to the pandemic. These new versions block NFC-based transactions and force victims to use their physical card by inserting it into the PIN pad reader, which allows the malware to capture the data coming from the transaction.
Post a Comment
Read more

BlackLotus UEFI Bootkit: A New Threat to Windows Security

By TechNewsCentre
In March 2023, security researchers from ESET announced the discovery of a new UEFI bootkit called BlackLotus . This bootkit is capable of bypassing UEFI Secure Boot, a security feature that is designed to prevent malware from infecting a computer's firmware. Once BlackLotus is installed, it can give an attacker complete control over the computer, including the ability to steal data, install other malware, and disrupt the computer's operation. BlackLotus is a sophisticated piece of malware that is difficult to detect and remove. It is also relatively new, so there is limited information about how it works. However, ESET researchers have been able to learn a lot about BlackLotus, and they have published a detailed analysis of the malware.
Post a Comment
Read more