CVE-2022-36804 · CISA KEV: Actively Exploited

Atlassian Bitbucket Server and Data Center Command Injection Vulnerability

Published Sep 30, 2022 · Updated Sep 30, 2022

Description

Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.

Public Exploits & PoCs (22 found)

PoC: CVE-2022-36804-PoC

Proof of Concept exploit for CVE-2022-36804 affecting BitBucket versions <8.3.1

2

PoC: CVE-2022-36804

A real exploit for BitBucket RCE CVE-2022-36804

2

PoC: cve-2022-36804

A critical command injection vulnerability was found in multiple API endpoints of the Atlassian Bitbucket Server and Data Center. This vulnerability affects all versions of Bitbucket Server and Data Center released before versions <7.6.17, <7.17.10, <7.21.4, <8.0.3, <8.1.2, <8.2.2, and <8.3.1

1

PoC: CVE-2022-36804

A loader for bitbucket 2022 rce (cve-2022-36804)

1

PoC: cve-2022-36804

A simple PoC for Atlassian Bitbucket RCE [CVE-2022-36804]

1

PoC: bitbucket-test

Investigating CVE-2022-36804

PoC: CVE-2022-36804-Bitbucket-RCE-Analysis

Full-chain reproduction of CVE-2022-36804 (Bitbucket RCE). Includes a Dockerized laboratory, pspy64 monitoring for null-byte injection verification, and a custom Bash exploit script. Based on Assetnote research.

PoC: CVE-2022-36804

Atlassian Bitbucket Server and Data Center - Command Injection Vulnerability (CVE-2022-36804)

PoC: CVE-2022-36804-ReverseShell

PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)

PoC: CVE-2022-36804

You can find a Python script to exploit the vulnerability on Bitbucket related to CVE-2022-36804.

PoC: CVE-2022-36804-ReverseShell

PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)

PoC: CVE-2022-36804-MASS-RCE

Mass rce exploit for CVE-2022-36804 BITBUCKET SERVER UNAUTHENTICATED RCE

PoC: CVE-2022-36804-POC

Bitbucket CVE-2022-36804 unauthenticated remote command execution

PoC: CVE-2022-36804-RCE

A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

PoC: CVE-2022-36804-mass-rce

Proof of Concept exploit for CVE-2022-36804 affecting BitBucket versions <8.3.1

PoC: bitbucket-cve-2022-36804

CVE-2022-36804 Atlassian Bitbucket Command Injection Vulnerability

PoC: CVE-2022-36804-PoC-Exploit

Somewhat Reliable PoC Exploit for CVE-2022-36804 (BitBucket Critical Command Injection)

PoC: CVE-2022-36804-MASS-RCE

A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

PoC: CVE-2022-36804-RCE

A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

PoC: CVE-2022-36804-MASS-RCE

A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

PoC: CVE-2022-36804-POC

A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances.

PoC: CVE-2022-36804-RCE

Remote Code Execution exploit for CVE-2022-36804 (BitBucket Server and DataCenter).
