Vulnerability in Bitbucket Server leads to code execution on the server

A serious vulnerability (CVE-2022-43781) has been identified in Bitbucket Server, a package for deploying a web interface for working with git repositories, which allows a remote attacker to achieve code execution on the server. An unauthenticated user can exploit the vulnerability if self-registration is permitted on the server (the "Allow public signup" setting is enabled). Exploitation is also possible by an authenticated user who has the right to change usernames (i.e. ADMIN or SYS_ADMIN rights). Full details have not yet been published; all that is known is that the problem is caused by the possibility of command substitution through environment variables.

The issue appears in the 7.x and 8.x branches and has been fixed in the Bitbucket Server and Bitbucket Data Center releases 8.5.0, 8.4.2, 7.17.12, 7.21.6, 8.0.5, 8.1.5, 8.3.3, 8.2.4 and 7.6.19. The vulnerability does not appear in the bitbucket.org cloud service; it affects only products installed on-premises. The problem also does not appear on Bitbucket Server and Data Center instances that use the PostgreSQL DBMS for storing data.
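The following triage helper is an added example, not code from the article or from Atlassian: it takes an on-premises Bitbucket Server or Data Center version string and reports, from the fixed-release list above, whether an instance still needs patching and whether the public-signup setting widens the exposure to unauthenticated users. It assumes a plain `major.minor.patch` version string, treats any 7.x or 8.x release below 8.5.0 whose minor branch has no fix listed as still vulnerable (the article only says those branches are affected), and marks the PostgreSQL exception as stated in the article.

```python
"""Triage a Bitbucket Server / Data Center version against CVE-2022-43781.

Added example; the fixed-release list is taken from the advisory text,
everything else (version format, branch handling) is an assumption.
"""
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# Fixed releases as listed in the advisory, one per patched minor branch.
FIXED_RELEASES = ["8.5.0", "8.4.2", "7.17.12", "7.21.6", "8.0.5",
                  "8.1.5", "8.3.3", "8.2.4", "7.6.19"]
AFFECTED_MAJORS = {7, 8}  # the advisory names only the 7.x and 8.x branches


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch'; anything else is rejected rather than guessed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def fixes_by_branch() -> Dict[Tuple[int, int], Version]:
    """Map each (major, minor) branch to the first release that carries the fix."""
    table: Dict[Tuple[int, int], Version] = {}
    for release in FIXED_RELEASES:
        ver = parse_version(release)
        table[(ver[0], ver[1])] = ver
    return table


def assess(version: str, uses_postgresql: bool = False,
           public_signup: bool = False) -> Dict[str, str]:
    """Return {'status': ..., 'reason': ...} for one installed instance.

    status is one of: 'out-of-scope', 'not-affected', 'fixed', 'vulnerable'.
    """
    ver = parse_version(version)
    major, minor, _ = ver
    if major not in AFFECTED_MAJORS:
        return {"status": "out-of-scope",
                "reason": "advisory covers only the 7.x and 8.x branches"}
    if uses_postgresql:
        return {"status": "not-affected",
                "reason": "instances backed by PostgreSQL are not affected"}

    table = fixes_by_branch()
    branch_fix = table.get((major, minor))
    if branch_fix is not None:
        fixed = ver >= branch_fix
    else:
        # Assumption: a branch with no dedicated fix release is fixed only if it is
        # at or above 8.5.0 (the newest fixed release); older unlisted branches are
        # treated as still vulnerable.
        fixed = ver >= max(table.values())

    if fixed:
        return {"status": "fixed", "reason": "release carries the fix"}

    # Unpatched: say who can reach the bug given the instance's settings.
    if public_signup:
        reason = ("unauthenticated exploitation possible: "
                  "'Allow public signup' is enabled")
    else:
        reason = ("exploitable by authenticated users with ADMIN or SYS_ADMIN "
                  "rights; disable public signup until patched")
    return {"status": "vulnerable", "reason": reason}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [("8.4.1", False, True), ("8.4.2", False, False),
                 ("7.21.5", True, True), ("7.18.0", False, False)]
    for ver, pg, signup in inventory:
        result = assess(ver, uses_postgresql=pg, public_signup=signup)
        print(f"{ver:>8}  {result['status']:<13} {result['reason']}")
```

Run it against a real inventory export by replacing the constructed list; the `public_signup` flag mirrors the setting named in the article, so an unpatched instance with it enabled sorts to the top of the patching queue.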

source: budenet.ru
