Russia is ‘failing’ in its mission to destabilize Ukraine’s networks

Human error bugs increasingly making a splash, study indicates

Software supply chain attacks – everything you need to know

Inaugural report outlines strengths and weaknesses exposed by momentous security flaw

Flaw that opened the door to cookie modification and data theft resolved

The latest programs for June 2022

A schedule of events in 2022 and beyond

Update now to protect against flaw

A critical command injection vulnerability in a Bitbucket product could allow an attacker to execute arbitrary code, researchers warn.

Bitbucket is a Git-based source code repository hosting service owned by Atlassian.

The flaw, tracked as CVE-2022-36804, is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center.

Read more of the latest news about security vulnerabilities

This vulnerability could allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.

It was discovered by researcher ‘The Grand Pew’, who reported it through Bugcrowd’s bug bounty program.

All versions of the Server and Data Center released after 6.10.17 are affected, meaning that all instances running any versions between 7.0.0 and 8.3.0 inclusive are vulnerable.

Users are urged to update to the latest version. For those who cannot, Bitbucket has offered a workaround.

A blog post reads: “A temporary mitigation step is to turn off public repositories globally by setting feature.public.access=false as this will change this attack vector from an unauthorized attack to an authorized attack.”

YOU MAY ALSO LIKE LastPass flags security incident after attackers stole source code, technical information