All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2022-36804
NONEKEVpublish date unavailable
CVSS / 10
// description
Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.
// required action (CISA KEV)
Apply updates per vendor instructions.
added 2022-09-30 00:00 UTC