Atlassian Addresses Serious Vulnerabilities in Bitbucket and Crowd


Atlassian informed users that it had patched critical flaws in its Crowd and Bitbucket products. In Bitbucket, its source code repository hosting service, Atlassian fixed CVE-2022-43781, a critical command injection flaw that affects Bitbucket Server and Data Center version 7 and, in some cases, version 8.

“There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to gain code execution and execute code on the system,” Atlassian said.


Both Bitbucket 7 and 8 have received updates that fix the issue. Sites hosted by Atlassian Cloud are unaffected.
