Vulnerability in Bitbucket Server that leads to code execution on the server

A critical vulnerability (CVE-2022-43781) has been identified in Bitbucket Server, a package for deploying a web interface for working with git repositories. It allows a remote attacker to achieve code execution on the server. The vulnerability can be exploited by an unauthenticated user if self-registration is allowed on the server (the "Allow public sign up" setting is enabled). Exploitation is also possible by a user who has the right to change the username (i.e., ADMIN or SYS_ADMIN rights). No details have been provided yet; all that is known is that the problem is caused by the ability to inject commands through environment variables.

The issue is present in the 7.x and 8.x branches and is fixed in Bitbucket Server and Bitbucket Data Center releases 8.5.0, 8.4.2, 7.17.12, 7.21.6, 8.0.5, 8.1.5, 8.3.3, 8.2.4. The vulnerability does not appear in the bitbucket.org cloud service; it affects only products installed on-premises. The problem also does not appear on Bitbucket Server and Data Center instances that use the PostgreSQL DBMS to store data.
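The conditions above can be turned into an inventory triage check. The following is an added example, not code from Atlassian or from the original article; the host names, the non-PostgreSQL database names and the handling of branches without a listed fix are assumptions made for illustration.

```python
# Added example (not Atlassian's code): triage hosts for CVE-2022-43781
# using only the conditions stated in the article above.
FIXED = [(8, 5, 0), (8, 4, 2), (7, 17, 12), (7, 21, 6),
         (8, 0, 5), (8, 1, 5), (8, 3, 3), (8, 2, 4)]
FIXED_BY_BRANCH = {v[:2]: v for v in FIXED}   # (major, minor) -> first fixed release
NEWEST_FIXED_BRANCH = max(FIXED_BY_BRANCH)    # (8, 5)


def parse_version(text):
    """Parse '8.4.1' or '8.5' into a (major, minor, patch) tuple."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))


def triage(version, database, public_signup):
    """Classify one instance; returns a short status string."""
    v = parse_version(version)
    if v[0] not in (7, 8):
        return "not affected: outside 7.x/8.x"
    if database.strip().lower() in ("postgresql", "postgres"):
        return "not affected: PostgreSQL"
    fixed = FIXED_BY_BRANCH.get(v[:2])
    # Assumption: branches newer than the newest listed one already carry the fix;
    # a 7.x/8.x branch with no listed fix is treated as still vulnerable.
    if v[:2] > NEWEST_FIXED_BRANCH or (fixed is not None and v >= fixed):
        return "patched"
    if public_signup:
        return "vulnerable: unauthenticated (public sign-up enabled)"
    return "vulnerable: needs ADMIN/SYS_ADMIN"


# Constructed inventory: (host, version, database, public sign-up enabled)
INVENTORY = [
    ("git-a.example", "8.4.1", "mysql", True),
    ("git-b.example", "8.4.2", "mysql", True),
    ("git-c.example", "7.19.0", "oracle", False),
    ("git-d.example", "7.17.3", "PostgreSQL", True),
]

if __name__ == "__main__":
    for host, version, db, signup in INVENTORY:
        print(f"{host:15} {version:8} {triage(version, db, signup)}")
```

Instances reported as needing ADMIN/SYS_ADMIN are still unpatched; the status only records that, per the article, exploitation there requires a user who can change a username.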

Source: opennet.ru
