Skip to content

Files

Latest commit

author
gaopeng2
Apr 21, 2022
2d9b3a8 · Apr 21, 2022

History

History

CVE-2022-26133

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Apr 21, 2022
Apr 21, 2022

Bitbucket Data Center Unauthenticated Remote Code Execution Vulnerability (CVE-2022-26133)

Atlassian Bitbucket Data Center is Atlassian's Git repository management solution that provides source code collaboration for enterprises that require high availability and performance at scale.This vulnerability is caused by a deserialization vulnerability because the Hazelcast interface function in Atlassian Bitbucket Data Center does not filter user data effectively. An attacker can exploit this vulnerability to construct malicious data to execute arbitrary code remotely.

FOFA query rule: body="com.atlassian.plugins.atlassian-plugins-webresource-plugin:context-path.context-path" || title="Atlassian Bitbucket"

Demo

CVE-2022-26133