Vulnerability in Bitbucket Server that allows code execution on the server

A critical vulnerability (CVE-2022-36804) has been identified in Bitbucket Server, a package for deploying a web interface for working with git repositories. It allows a remote attacker with read access to private or public repositories to execute code on the server by sending a specially crafted HTTP request. The issue has been present since version 6.10.17 and has been fixed in Bitbucket Server and Bitbucket Data Center releases 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.2.2, and 8.3.1. The vulnerability does not appear in the bitbucket.org cloud service; it affects only products installed on customers' own premises.

The vulnerability was identified by a security researcher as part of the Bugcrowd Bug Bounty program, which offers rewards for identifying previously unknown vulnerabilities. The reward was 6 thousand dollars. Details of the attack method and a prototype exploit are promised to be disclosed 30 days after the patch is published. As a measure to reduce the risk of an attack on your systems before the patch is applied, it is recommended to restrict public access to repositories using the "feature.public.access=false" setting.
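The release numbers and the setting above can be turned into a quick triage check for a self-hosted instance. The following is an added example, not code from the article or from Atlassian; the function names and status labels are hypothetical, and it assumes a release newer than every listed fix already contains it.

```python
# Added example: triage a self-hosted Bitbucket instance for CVE-2022-36804
# using only the version numbers and the setting named in the article.
FIRST_AFFECTED = (6, 10, 17)
FIXED = [(7, 6, 17), (7, 17, 10), (7, 21, 4), (8, 0, 3), (8, 2, 2), (8, 3, 1)]

def parse_version(text):
    """'8.3' -> (8, 3, 0); only the first three numeric fields are used."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(version):
    """Classify a version string against the article's release list."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return "before-range"      # older than the first version the article names
    for fixed in FIXED:
        if v[:2] == fixed[:2]:     # same major.minor line as a listed fix
            return "fixed" if v >= fixed else "vulnerable"
    if v > max(FIXED):
        return "fixed"             # assumption: later releases carry the fix
    return "unlisted-line"         # in range, no fix listed for this line: treat as affected

def public_access_disabled(properties_text):
    """True only if feature.public.access is explicitly set to false."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue               # skip blanks, comments and malformed lines
        key, _, val = line.partition("=")
        if key.strip() == "feature.public.access":
            value = val.strip().lower()   # last occurrence wins
    return value == "false"

if __name__ == "__main__":
    # Constructed sample input, not taken from a real server.
    sample_props = "# constructed sample\nfeature.public.access=false\n"
    for ver in ("7.6.16", "7.6.17", "7.10.2", "8.3.0", "8.4.0"):
        print(ver, patch_status(ver))
    print("public access disabled:", public_access_disabled(sample_props))
```

Disabling public access only closes the anonymous path: per the article, any account with read access to a repository can still reach the flaw, so a "vulnerable" or "unlisted-line" result still calls for an upgrade to one of the listed releases.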

Source: opennet.ru
