Achọpụtala adịghị ike dị oke egwu (CVE-2022-43781) na Bitbucket Server, ngwugwu maka itinye ihe ntanetị weebụ maka ịrụ ọrụ na ebe nchekwa git, nke na-enye ohere onye na-awakpo dịpụrụ adịpụ nweta koodu mkpochapụ na sava ahụ. Onye ọrụ na-akwadoghị nwere ike iji adịghị ike ahụ ma ọ bụrụ na anabatara ndebanye aha onwe ya na sava (agbanyere ntọala "Kwe ka ndebanye aha ọha". Enwere ike ịrụ ọrụ site n'aka onye ọrụ nwere ikike ịgbanwe aha njirimara (ya bụ, ADMIN ma ọ bụ ikike SYS_ADMIN). Enwebeghị nkọwa ọ bụla, ihe niile a maara bụ na nsogbu ahụ kpatara site na ohere nke nnọchi iwu site na mgbanwe gburugburu ebe obibi.
Okwu a na-egosi na alaka 7.x na 8.x, ma edozi ya na Bitbucket Server na Bitbucket Data Center wepụtara 8.5.0, 8.4.2, 7.17.12, 7.21.6, 8.0.5, 8.1.5, 8.3.3. 8.2.4, 7.6.19. Ọdịmma ahụ anaghị apụta na ọrụ igwe ojii bitbucket.org, mana ọ na-emetụta naanị ngwaahịa arụnyere na ogige ha. Nsogbu a apụtaghị na sava Bitbucket na ebe nchekwa data, nke na-eji PostgreSQL DBMS iji chekwaa data.
isi: opennet.ru