Vulnerability in Bitbucket Server allowing code execution on the server

A critical vulnerability (CVE-2022-36804) has been identified in Bitbucket Server, a package that provides a web interface for working with git repositories. It allows a remote attacker with read access to a public or private repository to execute arbitrary code on the server by sending a specially crafted HTTP request. All versions released after 6.10.17 (7.0.0 and later) are affected; the issue is fixed in Bitbucket Server and Bitbucket Data Center releases 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.2.2 and 8.3.1. The vulnerability does not affect the bitbucket.org cloud service, only self-hosted installations.

The vulnerability was found by a security researcher through the Bugcrowd bug bounty program, which pays rewards for reporting previously unknown vulnerabilities; the reward amounted to 6 thousand dollars. Full details of the attack technique and a proof-of-concept exploit are promised to be published 30 days after the release of the patch. As an interim measure to reduce the risk of attack until the patch is applied, it is recommended to disable public access to repositories with the setting "feature.public.access=false" in bitbucket.properties. Note that this only removes the unauthenticated attack path; any user who already has read access to a repository can still trigger the flaw, so the mitigation is not a substitute for updating.
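The following is an added example, not code from the article or from Atlassian: a small Python helper that checks a Bitbucket Server / Data Center version string against the fixed releases listed above and applies the interim mitigation to a bitbucket.properties file. The fixed-version table comes from the advisory; the assumption that releases newer than 8.3.1 were built after the fix, and the sample properties file, are mine.

```python
"""Added example (not from the article or Atlassian).

Two helpers for CVE-2022-36804 triage on a self-hosted Bitbucket:
  * is_affected(version)  - compare an installed version with the fix list
  * apply_mitigation(txt) - force feature.public.access=false in
                            bitbucket.properties until the update is done
"""
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the advisory, keyed by their minor branch.
FIXED_RELEASES: Dict[Tuple[int, int], Version] = {
    (7, 6): (7, 6, 17),
    (7, 17): (7, 17, 10),
    (7, 21): (7, 21, 4),
    (8, 0): (8, 0, 3),
    (8, 2): (8, 2, 2),
    (8, 3): (8, 3, 1),
}
# Everything released after 6.10.17, i.e. 7.0.0 and later, is affected.
FIRST_AFFECTED: Version = (7, 0, 0)
NEWEST_FIX: Version = max(FIXED_RELEASES.values())  # (8, 3, 1)

MITIGATION_KEY = "feature.public.access"


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch'; reject anything else rather than guess."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return major, minor, patch


def is_affected(version: str) -> bool:
    """True if this release still contains the CVE-2022-36804 flaw."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False
    fix = FIXED_RELEASES.get(v[:2])
    if fix is not None:
        # A patched branch: affected only below the fix release.
        return v < fix
    # Branches with no listed fix (e.g. 7.7 to 7.16, 8.1) never got one.
    # Assumption: releases newer than the newest fix were built after it.
    return v < NEWEST_FIX


def apply_mitigation(properties_text: str) -> str:
    """Return bitbucket.properties content with feature.public.access=false.

    Replaces the first assignment of the key (commented out or live), drops any
    duplicates, and appends the setting if the key is absent. Assumes the
    common 'key=value' form of Java properties, not the 'key: value' form.
    """
    out = []
    done = False
    for line in properties_text.splitlines():
        key = line.strip().lstrip("#!").split("=", 1)[0].strip()
        if key == MITIGATION_KEY:
            if not done:
                out.append(f"{MITIGATION_KEY}=false")
                done = True
            continue  # drop commented-out or duplicate assignments
        out.append(line)
    if not done:
        out.append(f"{MITIGATION_KEY}=false")
    return "\n".join(out) + "\n"


# Constructed sample properties file for demonstration only.
SAMPLE_PROPERTIES = """server.port=7990
# feature.public.access=true
feature.public.access=true
setup.displayName=Example Bitbucket
"""

if __name__ == "__main__":
    for ver in ("6.10.17", "7.6.16", "7.6.17", "8.1.0", "8.3.0", "8.3.1"):
        print(f"{ver}: {'AFFECTED' if is_affected(ver) else 'fixed'}")
    print(apply_mitigation(SAMPLE_PROPERTIES))
```

Run the version check against the value shown in the Bitbucket admin UI (or `bitbucket.version` in the instance's system information) and, if it reports affected, write the output of `apply_mitigation` back to `bitbucket.properties` and restart the service; the setting only blocks anonymous access, so the update is still required.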

source: budenet.ru
