Vulnerability in Bitbucket Server allowing code execution on the server

A critical vulnerability (CVE-2022-36804) has been identified in Bitbucket Server, a package for deploying a web interface for working with git repositories. It allows a remote attacker with read access to a private or public repository to execute arbitrary code on the server by sending a crafted HTTP request. The issue has been present since version 6.10.17 and is fixed in Bitbucket Server and Bitbucket Data Center releases 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.2.2, and 8.3.1. The vulnerability does not appear in the bitbucket.org cloud service; it affects only products installed on-premises.

The vulnerability was identified by a security researcher as part of the Bugcrowd Bug Bounty initiative, which pays rewards for reporting previously unknown vulnerabilities. The reward amounted to 6 thousand dollars. Details of the attack method and a prototype exploit are promised to be disclosed 30 days after the patch is published. As a way to reduce the risk of an attack on your systems before applying the patch, it is recommended to restrict public access to repositories using the "feature.public.access=false" setting. Because the flaw is also reachable with read access to a private repository, this setting reduces exposure and does not replace the upgrade.
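The check below is an added example, not code from the original article or from Atlassian: it classifies an installed version against the fixed releases listed above and verifies that the interim setting is explicitly present in a properties file. The function names and the sample file content are constructed for illustration; release lines the article does not list are reported as vulnerable, and lines newer than 8.3 are assumed to carry the fix.

```python
import re

# Fixed releases as listed in this article, keyed by (major, minor) release line.
FIXED = {(7, 6): 17, (7, 17): 10, (7, 21): 4, (8, 0): 3, (8, 2): 2, (8, 3): 1}
FIRST_AFFECTED = (6, 10, 17)  # "present since version 6.10.17" per the article

# Constructed sample of a Bitbucket properties file (not from a real system).
SAMPLE_PROPERTIES = """\
# constructed sample
feature.public.access=true
feature.public.access = false
"""


def parse_version(text):
    """Turn '7.17.9' into (7, 17, 9); reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def version_status(text):
    """Return 'not-affected', 'fixed' or 'vulnerable' for a version string."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return "not-affected"
    line = v[:2]
    if line in FIXED:
        return "fixed" if v[2] >= FIXED[line] else "vulnerable"
    # No fix listed for this release line: lines newer than every fixed line
    # are assumed fixed (assumption), all others are reported as vulnerable.
    return "fixed" if line > max(FIXED) else "vulnerable"


def public_access_disabled(properties_text):
    """True only if feature.public.access is explicitly set to false."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m and m.group(1) == "feature.public.access":
            value = m.group(2).strip().lower()  # a later entry overrides
    return value == "false"


if __name__ == "__main__":
    for ver in ("7.17.9", "7.17.10", "8.4.0"):
        print(ver, version_status(ver))
    print("public access disabled:", public_access_disabled(SAMPLE_PROPERTIES))
```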

Source: opennet.ru
