Vulnerability in Bitbucket Server that allows code execution on the server

A critical vulnerability (CVE-2022-36804) has been identified in Bitbucket Server, a package for deploying a web interface for working with git repositories. It allows a remote attacker with read access to a private or public repository to execute arbitrary code on the server by sending a crafted HTTP request. The issue has been present since version 6.10.17 and is fixed in Bitbucket Server and Bitbucket Data Center releases 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.2.2, and 8.3.1. The vulnerability does not appear in the bitbucket.org cloud service; it affects only products installed on the operator's own premises.

The vulnerability was identified by a security researcher taking part in the Bugcrowd Bug Bounty initiative, which pays rewards for identifying previously unknown vulnerabilities. The reward was 6 thousand dollars. Details of the attack method and a prototype exploit are promised for disclosure 30 days after the patch is published. As a measure to reduce the risk of an attack on your systems before the patch is applied, it is recommended to restrict public access to repositories using the setting "feature.public.access=false".
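A triage helper for the version list and workaround above, written as an added example and not taken from Atlassian or the original article. It classifies an installed version using only the releases named in the text and checks whether a properties file sets `feature.public.access` to `false`. Reading the setting from `bitbucket.properties`, and treating release lines the article does not list as vulnerable, are assumptions.

```python
import re

# Fixed releases listed in the article, keyed by (major, minor) release line.
FIXED = {(7, 6): 17, (7, 17): 10, (7, 21): 4, (8, 0): 3, (8, 2): 2, (8, 3): 1}
FIRST_AFFECTED = (6, 10, 17)   # "present since version 6.10.17"
NEWEST_FIX = (8, 3, 1)
# Constructed sample, not taken from a real installation.
SAMPLE_PROPERTIES = "# bitbucket.properties\nfeature.public.access=false\n"


def parse_version(text):
    """Turn '7.6.17' into (7, 6, 17); reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    return tuple(int(p) for p in m.groups())


def classify(version_text):
    """Return 'before-range', 'fixed' or 'vulnerable' for a version string."""
    v = parse_version(version_text)
    if v < FIRST_AFFECTED:
        return "before-range"
    if v >= NEWEST_FIX:
        return "fixed"
    fix_patch = FIXED.get(v[:2])
    # Assumption: a release line the article does not list has no fixed build.
    if fix_patch is not None and v[2] >= fix_patch:
        return "fixed"
    return "vulnerable"


def public_access_disabled(properties_text):
    """True if the properties text sets feature.public.access to false."""
    value = None
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or properties-file comment
        key, sep, val = line.partition("=")
        if sep and key.strip() == "feature.public.access":
            value = val.strip().lower()   # last assignment wins
    return value == "false"


if __name__ == "__main__":
    for v in ("7.6.16", "7.6.17", "8.1.0", "8.4.0"):
        print(v, classify(v))
    print("public access disabled:", public_access_disabled(SAMPLE_PROPERTIES))
```

Because the flaw is reachable by anyone with read access to a private repository as well, a host reported as `vulnerable` still needs the upgrade even when public access is disabled.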

Source: opennet.ru