Remote Code Execution Vulnerability in Bitbucket Data Center and Server by Atlassian
CVE-2023-22513

8.8HIGH

Key Information:

Vendor

Atlassian
Status
Bitbucket Data Center
Bitbucket Server
Vendor
CVE Published:
19 September 2023

What is CVE-2023-22513?

A critical Remote Code Execution vulnerability was identified in Bitbucket Data Center and Server starting from version 8.0.0. This security issue permits an authenticated attacker to execute arbitrary code without user interaction, threatening the confidentiality, integrity, and availability of the affected systems. Users are urged to upgrade to the latest version or one of the supported fixed releases to mitigate potential risks. More details can be found in Atlassian's release notes for Bitbucket.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Bitbucket Data Center >= 8.0.0 < 8.0.0

Bitbucket Data Center >= 8.1.0 >= 8.1.0

Bitbucket Data Center >= 8.10.0 >= 8.10.0

References

https://confluence.atlassian.com/pages/viewpage.action?pa...
https://jira.atlassian.com/browse/BSERV-14419

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

a private user
JSON
.