A critical vulnerability (CVE-2022-43781) has been identified in Bitbucket Server, a package for deploying a web interface for working with git repositories. It allows a remote attacker to achieve code execution on the server. An unauthenticated user can exploit the vulnerability if self-registration is allowed on the server (the "Allow public sign up" setting is enabled). Exploitation is also possible by an authenticated user who has the right to change the username (that is, ADMIN or SYS_ADMIN rights). No details have been provided yet; all that is known is that the problem is caused by the possibility of command substitution through environment variables.
The problem appears in the 7.x and 8.x branches and is fixed in Bitbucket Server and Bitbucket Data Center releases 8.5.0, 8.4.2, 7.17.12, 7.21.6, 8.0.5, 8.1.5, 8.3.3, 8.2.4 and 7.6.19. The vulnerability does not appear in the bitbucket.org cloud service; it affects only products installed on-premises. The problem also does not appear on Bitbucket Server and Data Center instances that use the PostgreSQL DBMS to store data.
Source: opennet.ru
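
The conditions above can be turned into a triage check for an inventory of self-hosted instances. The following is an added example, not part of the original article or of any Atlassian tooling; the function names, status labels and inventory rows are hypothetical. It assumes that a release line with no fixed release in the list (for example 7.10.x) is affected and that lines after 8.5 carry the fix.

```python
import re

# Fixed releases listed on this page, keyed by (major, minor) release line.
FIXED_PATCH = {
    (7, 6): 19, (7, 17): 12, (7, 21): 6,
    (8, 0): 5, (8, 1): 5, (8, 2): 4, (8, 3): 3, (8, 4): 2, (8, 5): 0,
}

def parse_version(text):
    """Parse 'major.minor.patch' into a tuple of ints."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if match is None:
        raise ValueError(f"expected major.minor.patch, got {text!r}")
    return tuple(int(part) for part in match.groups())

def triage(version, database, public_signup):
    """Classify one self-hosted instance for CVE-2022-43781."""
    major, minor, patch = parse_version(version)
    if major < 7:
        return "out-of-scope"      # the page only covers 7.x and 8.x
    if (major, minor) > (8, 5):
        return "fixed"             # assumption: lines after 8.5 carry the fix
    fixed_patch = FIXED_PATCH.get((major, minor))
    if fixed_patch is not None and patch >= fixed_patch:
        return "fixed"
    # From here on the build predates the fix for its line, or its line
    # has no fixed release on the page (assumed affected, e.g. 7.10.x).
    if database.strip().lower() in ("postgresql", "postgres"):
        return "not-affected-postgresql"
    if public_signup:
        return "affected-unauthenticated"
    return "affected-admin-only"   # ADMIN / SYS_ADMIN accounts only

if __name__ == "__main__":
    # Constructed inventory rows, not real hosts.
    inventory = [
        ("bb-a", "7.6.18", "mysql", True),
        ("bb-b", "7.10.3", "oracle", False),
        ("bb-c", "8.4.1", "PostgreSQL", True),
        ("bb-d", "8.3.3", "mssql", True),
    ]
    for host, version, db, signup in inventory:
        print(host, version, triage(version, db, signup))
```

Instances reported as `affected-unauthenticated` are the ones reachable without an account and should be upgraded first.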