Kusagadzikana kwakanyanya (CVE-2022-43781) kwaonekwa muBitbucket Server, pasuru yekuendesa webhu interface yekushanda negit repositories, iyo inobvumira anorwisa ari kure kuti awane kodhi kuuraya paserver. Kusagadzikana kunogona kushandiswa nemushandisi asina kutenderwa kana kuzvinyoresa kuchibvumidzwa pane sevha (iyo "Bvumira kusaina veruzhinji" inogoneswa). Kushanda kunogoneka zvakare nemushandisi ane chokwadi ane kodzero yekuchinja zita rekushandisa (kureva, ADMIN kana SYS_ADMIN kodzero). Hapana ruzivo rwakapihwa parizvino, zvese zvinozivikanwa ndezvekuti dambudziko rinokonzerwa nekugona kwekuraira kutsiva kuburikidza nemamiriro ekunze.
Nyaya yacho inowanikwa mumatavi e7.x uye 8.x, uye inogadziriswa muBitbucket Server uye Bitbucket Data Center inobudisa 8.5.0, 8.4.2, 7.17.12, 7.21.6, 8.0.5, 8.1.5, 8.3.3, 8.2.4. Kusagadzikana uku hakuratidzike muiyo bitbucket.org cloud service, asi inongokanganisa zvigadzirwa zvakaiswa panzvimbo yavo. Dambudziko zvakare harioneki paBitbucket Server uye Data Center maseva, anoshandisa iyo PostgreSQL DBMS kuchengetedza data.
Source: opennet.ru