CVE-2022-36804
Description
Multiple API endpoints in Atlassian Bitbucket Server and Data Center from version 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before version 8.3.1 allow remote attackers with read permission to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. Because read permission on a public repository needs no account, an instance that exposes any public repository is exploitable without credentials, which is why several of the proofs of concept below describe the bug as unauthenticated; on instances with no public repositories, a low-privileged account with read access is required. The vulnerability was reported via Atlassian's Bug Bounty Program by TheGrandPew.
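The seven version ranges above are easy to misread, so the following affected-version check is added here as an example (it is not Atlassian's code and not any of the proofs of concept listed on this page). It encodes the "from X before Y" ranges exactly as the description states them, compares versions as integer tuples rather than strings (string comparison would put "7.9.0" after "7.17.10"), and reports the first fixed release on the same branch. The function names and the AFFECTED_RANGES table are this example's own; the ranges are the page's. Versions below 7.0.0 fall outside every range the description lists, so the check returns False for them rather than guessing; treat such end-of-life releases separately.

```python
"""
Affected-version check for CVE-2022-36804.

Added example, not Atlassian's code nor any listed PoC. The ranges below
are copied from the advisory text on this page: each entry is
(first affected version, first fixed version), i.e. the half-open
interval [start, fixed).
"""
from typing import Optional, Tuple

Version = Tuple[int, ...]

AFFECTED_RANGES = [
    ("7.0.0", "7.6.17"),
    ("7.7.0", "7.17.10"),
    ("7.18.0", "7.21.4"),
    ("8.0.0", "8.0.3"),
    ("8.1.0", "8.1.3"),
    ("8.2.0", "8.2.2"),
    ("8.3.0", "8.3.1"),
]


def parse_version(s: str) -> Version:
    """'7.21.3' -> (7, 21, 3).

    Dotted versions must be compared numerically: as strings,
    '7.9.0' > '7.17.10', which would mark a vulnerable 7.9.0 as fixed.
    Non-numeric components (e.g. '8.3.1-rc1') are rejected rather than
    silently truncated, so the caller has to decide what they mean.
    """
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {s!r}")
    return tuple(int(p) for p in parts)


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed release on the branch containing `version`,
    or None if the version is not inside any listed affected range."""
    v = parse_version(version)
    for start, fixed in AFFECTED_RANGES:
        # Tuple comparison handles shorter versions naturally:
        # (7, 6) sorts as 7.6.0 relative to (7, 6, 17).
        if parse_version(start) <= v < parse_version(fixed):
            return fixed
    return None


def is_affected(version: str) -> bool:
    """True if `version` lies in one of the advisory's affected ranges."""
    return fixed_version_for(version) is not None


if __name__ == "__main__":
    # Constructed sample inputs covering range interiors and both edges.
    for sample in ["7.6.16", "7.6.17", "7.9.0", "7.21.3", "7.21.4",
                   "8.1.2", "8.1.3", "8.3.0", "8.3.1", "6.10.17"]:
        fix = fixed_version_for(sample)
        status = f"affected, upgrade to {fix}" if fix else "not in affected ranges"
        print(f"{sample:>8}: {status}")
```

The boundary cases are the ones that matter in triage: a fixed release such as 7.21.4 is the first safe version on its branch, and a release between two branches (for instance 7.6.18, which is above 7.6.17 but below 7.7.0) is outside every listed range and therefore reported as not affected.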
Severity: HIGH
CVE ID: CVE-2022-36804
CVSS Score: 8.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2022-36804
Reference: Project Discovery GitHub
notdls
A real exploit for BitBucket RCE CVE-2022-36804
Reference: GitHub
notxesh
Multithreaded exploit script for CVE-2022-36804 affecting BitBucket versions <8.3.1
Reference: GitHub
JRandomSage
A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.
Reference: GitHub
benjaminhays
Somewhat Reliable PoC Exploit for CVE-2022-36804 (BitBucket Critical Command Injection)
Reference: GitHub
Vulnmachines
CVE-2022-36804 Atlassian Bitbucket Command Injection Vulnerability
Reference: GitHub
kljunowsky
Bitbucket CVE-2022-36804 unauthenticated remote command execution
Reference: GitHub
Chocapikk
PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)
Reference: GitHub
khal4n1
You can find a Python script to exploit the vulnerability on Bitbucket related to CVE-2022-36804.
Reference: GitHub
0xEleven
PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)
Reference: GitHub
tahtaciburak
A simple PoC for Atlassian Bitbucket RCE [CVE-2022-36804]
Reference: GitHub
Inplex-sys
A loader for Bitbucket 2022 RCE (CVE-2022-36804)
Reference: GitHub
ColdFusionX
Atlassian Bitbucket Server and Data Center - Command Injection Vulnerability (CVE-2022-36804)
Reference: GitHub
Jhonsonwannaa
Reference: GitHub
devengpk
Reference: GitHub
walnutsecurity
A critical command injection vulnerability was found in multiple API endpoints of the Atlassian Bitbucket Server and Data Center. This vulnerability affects all versions of Bitbucket Server and Data Center before the fixed releases 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.1.2, 8.2.2, and 8.3.1.
Reference: GitHub
imbas007
Reference: GitHub
Content on GitHub
lolminerxmrig | watchers: 1
Capricornus
Capricornus (摩羯座) is a wxPython-based GUI vulnerability detection tool that includes a basic notepad, base64 encoding and decoding, and both batch and single-vulnerability scanning. It currently includes checks for nday and 1day issues such as CVE_2022_35914 and CVE_2022_36804 as well as common vulnerabilities.
Reference: GitHub