CVE-2022-36804

Description

Multiple API endpoints in Atlassian Bitbucket Server and Data Center from version 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.

NVD
Severity: HIGH
CVE ID: CVE-2022-36804
CVSS Score: 8.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2022-36804
notdls

A real exploit for BitBucket RCE CVE-2022-36804

Reference: GitHub

notxesh

Multithreaded exploit script for CVE-2022-36804 affecting BitBucket versions <8.3.1

Reference: GitHub

JRandomSage

A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

Reference: GitHub

benjaminhays

Somewhat Reliable PoC Exploit for CVE-2022-36804 (BitBucket Critical Command Injection)

Reference: GitHub

Vulnmachines

CVE-2022-36804 Atlassian Bitbucket Command Injection Vulnerability

Reference: GitHub

kljunowsky

Bitbucket CVE-2022-36804 unauthenticated remote command execution

Reference: GitHub

Chocapikk

PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)

Reference: GitHub

khal4n1

You can find a Python script to exploit the vulnerability in Bitbucket related to CVE-2022-36804.

Reference: GitHub

0xEleven

PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)

Reference: GitHub

tahtaciburak

A simple PoC for Atlassian Bitbucket RCE [CVE-2022-36804]

Reference: GitHub

Inplex-sys

A loader for the Bitbucket 2022 RCE (CVE-2022-36804)

Reference: GitHub

ColdFusionX

Atlassian Bitbucket Server and Data Center - Command Injection Vulnerability (CVE-2022-36804)

Reference: GitHub

Jhonsonwannaa

Reference: GitHub

devengpk

Reference: GitHub

walnutsecurity

A critical command injection vulnerability was found in multiple API endpoints of the Atlassian Bitbucket Server and Data Center. This vulnerability affects all versions of Bitbucket Server and Data Center released before versions <7.6.17, <7.17.10, <7.21.4, <8.0.3, <8.1.2, <8.2.2, and <8.3.1.

Reference: GitHub

imbas007

Reference: GitHub

Content on GitHub

lolminerxmrig | watchers:1

Capricornus
Capricornus (Capricorn) is a wxPython-based GUI vulnerability detection tool. It includes a basic memo pad, Base64 encoding/decoding, and both batch and single-target vulnerability detection. It currently covers detection of nday and 1day vulnerabilities such as CVE_2022_35914 and CVE_2022_36804, as well as common vulnerabilities.

Reference: GitHub