clayton@site:~/news$ cat cve-2022-36804-atlassian-bitbucket-server-and-data-center.log

CVE-2022-36804 — Atlassian Bitbucket Server and Data Center Command Injection Vulnerability

2022-09-30 • CISA Known Exploited Vulnerability

[event] Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request.

> AFFECTED SOFTWARE

Field	Value
Vendor	Atlassian
Product	Bitbucket Server and Data Center
CWE	CWE-78, CWE-88, CWE-158
CVE ID	CVE-2022-36804
Date Added	2022-09-30
Due Date	2022-10-21
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-10-21

> REFERENCES

[1] https://jira.atlassian.com/browse/BSERV-13438
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-36804