Vulnerability in Bitbucket Server that allows code execution on the server

A critical vulnerability (CVE-2022-36804) has been identified in Bitbucket Server, a package for deploying a web interface for working with git repositories. It allows a remote attacker with read access to private or public repositories to execute arbitrary code on the server by sending a specially crafted HTTP request. The issue has been present since version 6.10.17 and is fixed in Bitbucket Server and Bitbucket Data Center releases 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.2.2, and 8.3.1. The vulnerability does not appear in the bitbucket.org cloud service; it affects only products installed on-premises.

The vulnerability was identified by a security researcher as part of the Bugcrowd Bug Bounty program, which pays rewards for identifying previously unknown vulnerabilities. The reward amounted to six thousand dollars. Details of the attack method and a prototype are promised to be published 30 days after the release of the patch. As a measure to reduce the risk of attack on your systems before the patch is installed, it is recommended to restrict public access to repositories using the "feature.public.access=false" setting.
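As a triage aid for the version list and the mitigation setting above, the following added example (not from the original article or from Atlassian) classifies an installed version and checks a properties file for the setting. The function names, the "review" state for release lines the article does not list, and the treatment of lines newer than 8.3 as patched are assumptions.

```python
import re

# Fixed releases as listed in the article, keyed by (major, minor) release line.
FIXED = {(7, 6): 17, (7, 17): 10, (7, 21): 4, (8, 0): 3, (8, 2): 2, (8, 3): 1}
FIRST_AFFECTED = (6, 10, 17)    # "present since version 6.10.17"
NEWEST_FIXED_LINE = max(FIXED)  # (8, 3)

def parse_version(text):
    """Parse 'X.Y.Z' (any suffix is ignored) into a tuple of three ints."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    return tuple(int(g) for g in m.groups())

def classify(version_text):
    """Return 'not-affected', 'patched', 'vulnerable' or 'review'."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return "not-affected"
    line = v[:2]
    if line in FIXED:
        return "patched" if v[2] >= FIXED[line] else "vulnerable"
    # Assumption: lines newer than the newest listed one already carry the fix.
    if line > NEWEST_FIXED_LINE:
        return "patched"
    # The article lists no fixed release for this line: check the vendor advisory.
    return "review"

def public_access_disabled(properties_text):
    """True only if the last feature.public.access assignment is 'false'."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or properties-file comment
        key, sep, val = line.partition("=")
        if sep and key.strip() == "feature.public.access":
            value = val.strip().lower()
    return value == "false"

def triage(version_text, properties_text):
    """Combine both checks into one finding for an instance."""
    state = classify(version_text)
    if state in ("vulnerable", "review") and not public_access_disabled(properties_text):
        return state + ": public repository access still enabled"
    return state
```

Feed `triage` the version string reported by the instance and the contents of its properties file; a "review" result means the release line has no fixed version in the list above and needs to be checked against the vendor advisory.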

Source: opennet.ru
