Vulnerability in Bitbucket Server leading to code execution on the server

A critical vulnerability (CVE-2022-43781) has been identified in Bitbucket Server, a package for deploying a web interface for working with git repositories. It allows a remote attacker to achieve code execution on the server. The vulnerability can be exploited by an unauthenticated user if self-registration is permitted on the server (the "Allow public signup" setting is enabled). Exploitation is also possible by an authenticated user who has the right to change the username (for example, ADMIN or SYS_ADMIN rights). No details have been provided yet; all that is known is that the problem is caused by the possibility of injection through environment variables.

The problem appears in the 7.x and 8.x branches and is fixed in Bitbucket Server and Bitbucket Data Center releases 8.5.0, 8.4.2, 7.17.12, 7.21.6, 8.0.5, 8.1.5, 8.3.3, 8.2.4. The vulnerability does not appear in the bitbucket.org cloud service; it affects only products installed on premises. The problem also does not appear on Bitbucket Server and Data Center servers that use the PostgreSQL DBMS to store data.
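The conditions above can be turned into a triage check for an inventory of self-hosted instances. This is an added example, not code from Atlassian or the original article; the function names, status labels and sample hosts are constructed, and it assumes that releases after 8.5.0 carry the fix and that 7.x/8.x lines with no listed fixed release remain affected.

```python
import re

# Fixed releases named on this page, keyed by (major, minor) release line.
FIXED = {(7, 17): 12, (7, 21): 6, (8, 0): 5, (8, 1): 5,
         (8, 2): 4, (8, 3): 3, (8, 4): 2, (8, 5): 0}

def parse_version(text):
    """Parse 'X.Y.Z' (a trailing suffix such as '-rc1' is ignored)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_fixed(version):
    """Assumption: releases after 8.5.0 carry the fix, and a 7.x/8.x line
    with no fixed release listed (for example 7.18) never received one."""
    if version >= (8, 5, 0):
        return True
    fix_patch = FIXED.get(version[:2])
    return fix_patch is not None and version[2] >= fix_patch

def triage(version_text, database, public_signup, cloud=False):
    """Classify one instance using only the conditions the page states."""
    version = parse_version(version_text)
    if cloud:
        return "NOT_AFFECTED_CLOUD"          # bitbucket.org is not affected
    if is_fixed(version):
        return "FIXED"
    if version[0] not in (7, 8):
        return "UNKNOWN_BRANCH"              # page covers 7.x and 8.x only
    if database.strip().lower() in ("postgresql", "postgres"):
        return "NOT_AFFECTED_POSTGRESQL"     # PostgreSQL-backed servers
    if public_signup:
        return "AFFECTED_UNAUTHENTICATED"    # self-registration is enough
    return "AFFECTED_PRIVILEGED_USER"        # user allowed to change usernames

if __name__ == "__main__":
    # Constructed inventory: (host, version, database, public signup enabled).
    inventory = [
        ("git-a.example.internal", "7.17.11", "mysql", True),
        ("git-b.example.internal", "8.4.2", "oracle", True),
        ("git-c.example.internal", "8.3.1", "PostgreSQL", False),
        ("git-d.example.internal", "7.19.4", "mssql", False),
    ]
    for host, ver, db, signup in inventory:
        print(f"{host:26} {ver:8} {triage(ver, db, signup)}")
```

Instances reported as `AFFECTED_UNAUTHENTICATED` are the ones to upgrade first, since no account is needed to reach the vulnerable path.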

Source: opennet.ru
