Vulnerability in Bitbucket Server that allows code execution on the server

A critical vulnerability (CVE-2022-36804) has been identified in Bitbucket Server, a package for deploying a web interface for working with git repositories. It allows a remote attacker with read access to private or public repositories to execute arbitrary code on the server by sending a crafted HTTP request. The issue has been present since version 6.10.17 and is fixed in Bitbucket Server and Bitbucket Data Center releases 7.6.17, 7.17.10, 7.21.4, 8.0.3, 8.2.2, and 8.3.1. The vulnerability does not appear in the bitbucket.org cloud service; it affects only products installed on the user's own premises.

The vulnerability was identified by a security researcher as part of the Bugcrowd Bug Bounty program, which pays rewards for identifying previously unknown vulnerabilities. The reward amounted to 6 30 dollars. Details of the attack method and a prototype are promised to be disclosed XNUMX days after the patch is published. As a measure to reduce the risk of attacks on your systems before the patch is installed, it is recommended to restrict public access to repositories using the setting “feature.public.access=false”.
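
As an added example (not from the original article or from Atlassian), the following Python code triages an installation against the versions listed above and checks whether the `feature.public.access=false` workaround is present in properties-style settings text. It assumes the fixed releases are per-branch minimums and that releases newer than 8.3.1 carry the fix; the function names and sample input are hypothetical.

```python
# Added example: triage against the versions listed in this article for CVE-2022-36804.
FIRST_AFFECTED = (6, 10, 17)  # article: issue present since 6.10.17
FIXED = [(7, 6, 17), (7, 17, 10), (7, 21, 4), (8, 0, 3), (8, 2, 2), (8, 3, 1)]
FIXED_BY_BRANCH = {v[:2]: v for v in FIXED}  # assumption: per-branch minimums

def parse_version(text):
    """Turn '7.17.9' (optionally with a '-suffix') into (7, 17, 9)."""
    nums = tuple(int(p) for p in text.strip().split("-")[0].split("."))
    if len(nums) != 3:
        raise ValueError(f"expected MAJOR.MINOR.PATCH, got {text!r}")
    return nums

def version_status(text):
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return "not-listed-as-affected"
    fix = FIXED_BY_BRANCH.get(v[:2])
    if fix is not None:
        return "fixed" if v >= fix else "vulnerable"
    # Branch with no fixed release in the article: only releases newer than
    # the highest listed fix are assumed to contain it (assumption).
    return "fixed" if v > max(FIXED) else "vulnerable"

def public_access_disabled(properties_text):
    """True if the effective feature.public.access value is 'false'."""
    value = None
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == "feature.public.access":
            value = val.strip().lower()  # a later duplicate overrides an earlier one
    return value == "false"

def triage(version_text, properties_text):
    status = version_status(version_text)
    if status != "vulnerable":
        return status
    # The workaround only limits public access; the upgrade is still required.
    if public_access_disabled(properties_text):
        return "vulnerable-public-access-off"
    return "vulnerable-public-access-on"

if __name__ == "__main__":
    sample = "# constructed sample settings\nfeature.public.access=false\n"
    for ver in ("6.10.16", "7.6.16", "7.6.17", "8.1.5", "8.3.1"):
        print(ver, triage(ver, sample))
```

Releases on a branch the article does not list a fix for (for example 8.1.x) are reported as vulnerable until they exceed the highest listed fixed release.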

Source: opennet.ru
