Vulnerability in Bitbucket Server that allows code execution on the server

A critical vulnerability (CVE-2022-36804) has been identified in Bitbucket Server, a package for deploying a web interface for working with Git repositories. The vulnerability allows a remote attacker who has access to private or public repositories to execute arbitrary code on the server by sending a specially crafted HTTP request. The issue has been present since version 6.10.17 and is fixed in Bitbucket Server and Bitbucket Data Center releases 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.2.2, and 8.3.1. The issue does not affect the bitbucket.org cloud service, only the on-premises products.

The vulnerability was discovered by a security researcher as part of the Bugcrowd Bug Bounty initiative, which pays rewards for finding previously unknown vulnerabilities. The reward was $6. Details of the attack technique and a prototype exploit are promised to be published 30 days after the fix is released. To reduce the risk of an attack on your systems before the fix is applied, it is recommended to restrict public access to repositories using the setting "feature.public.access=false".
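A triage helper for the version ranges and the interim setting described above, as an added example that is not code from the article or from Atlassian. The function names are hypothetical, the properties text is supplied by the caller, and the rule for release lines with no fix listed in the article is an assumption marked in the code.

```python
import re

# Fixed releases per release line, exactly as listed in the article.
FIXED = {(7, 6): (7, 6, 17), (7, 17): (7, 17, 10), (7, 21): (7, 21, 4),
         (8, 0): (8, 0, 3), (8, 2): (8, 2, 2), (8, 3): (8, 3, 1)}
FIRST_AFFECTED = (6, 10, 17)      # "present since version 6.10.17"
NEWEST_FIX = max(FIXED.values())  # (8, 3, 1)


def parse_version(text):
    """Turn '7.21.3' into (7, 21, 3); reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    return tuple(int(p) for p in m.groups())


def version_status(text):
    """Classify a version as 'not-affected', 'vulnerable' or 'fixed'."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return "not-affected"
    fix = FIXED.get(v[:2])
    if fix is not None:
        return "fixed" if v >= fix else "vulnerable"
    # Assumption: a release line with no fix listed in the article counts
    # as fixed only when it is newer than every listed fix.
    return "fixed" if v > NEWEST_FIX else "vulnerable"


def public_access_disabled(properties_text):
    """True only if feature.public.access is explicitly set to false."""
    value = None
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":   # blank line or comment
            continue
        key, sep, val = line.partition("=")   # only key=value form handled
        if sep and key.strip() == "feature.public.access":
            value = val.strip().lower()       # last assignment wins
    return value == "false"


def assess(version, properties_text):
    """Combine the version check with the interim public-access setting."""
    status = version_status(version)
    if status != "vulnerable":
        return status
    off = public_access_disabled(properties_text)
    return "vulnerable-public-access-off" if off else "vulnerable-public-access-on"
```

A result of `vulnerable-public-access-off` still calls for the upgrade, since the article presents the setting as a way to reduce risk before the fix is applied.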

Source: opennet.ru
