Vulnerability in Bitbucket Server that allows code execution on the server

A critical vulnerability (CVE-2022-36804) has been identified in Bitbucket Server, a package for deploying a web interface for working with git repositories. It allows a remote attacker with read access to private or public repositories to execute arbitrary code on the server by sending a specially crafted HTTP request. The issue has been present since version 6.10.17 and is fixed in Bitbucket Server and Bitbucket Data Center releases 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.2.2, and 8.3.1. The vulnerability does not appear in the bitbucket.org cloud service and affects only on-premises installations.

The vulnerability was identified by a security researcher through the Bugcrowd Bug Bounty program, which pays rewards for identifying previously unknown vulnerabilities. The reward amounted to 6 thousand dollars. Details of the attack method and a prototype exploit are promised to be disclosed 30 days after the patch is published. As a measure to reduce the risk of attacks on your systems before the patch is applied, it is recommended to restrict public access to repositories using the setting "feature.public.access=false".
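A triage check built from the fixed releases and the mitigation setting named above, as an added example that is not from the original article or from Atlassian. It assumes x.y.z version strings, that release lines newer than 8.3 include the fix, and that the setting is read from `key=value` properties text; the function names and sample text are constructed.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release line.
FIXED = {(7, 6): 17, (7, 17): 10, (7, 21): 4, (8, 0): 3, (8, 2): 2, (8, 3): 1}
FIRST_AFFECTED = (6, 10, 17)  # the article: "present since version 6.10.17"

# Constructed sample of a properties file, not taken from a real server.
SAMPLE_PROPERTIES = "# constructed sample\nserver.port=7990\nfeature.public.access = false\n"


def version_status(text):
    """Classify an x.y.z version as 'not-affected', 'fixed' or 'vulnerable'."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"expected x.y.z, got {text!r}")
    version = tuple(int(part) for part in m.groups())
    if version < FIRST_AFFECTED:
        return "not-affected"
    line = version[:2]
    if line in FIXED:
        return "fixed" if version[2] >= FIXED[line] else "vulnerable"
    # Assumption: lines newer than the newest listed one carry the fix; any
    # other line has no fixed build in the article's list and needs an upgrade.
    return "fixed" if line > max(FIXED) else "vulnerable"


def public_access_disabled(properties_text):
    """True only when the last feature.public.access entry is 'false'."""
    value = None
    for raw in properties_text.splitlines():
        entry = raw.strip()
        if not entry or entry[0] in "#!":  # blank line or properties comment
            continue
        key, sep, val = entry.partition("=")
        if sep and key.strip() == "feature.public.access":
            value = val.strip().lower()  # later duplicates override earlier ones
    return value == "false"


def triage(version, properties_text):
    """Combine both checks; the setting narrows exposure, it is not a fix."""
    status = version_status(version)
    if status != "vulnerable":
        return status
    off = public_access_disabled(properties_text)
    return "vulnerable-public-access-off" if off else "vulnerable-public-access-on"


if __name__ == "__main__":
    for v in ("6.9.1", "7.6.16", "7.21.4", "8.1.0", "8.3.0"):
        print(v, triage(v, SAMPLE_PROPERTIES))
```

A result of `vulnerable-public-access-off` still calls for the upgrade, since the article describes the attacker as needing only read access to a private or public repository.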

Source: opennet.ru
