CVE-2022-26133

EPSS 81.39%
Veröffentlicht 20.04.2022 19:15:08
Zuletzt bearbeitet 21.11.2024 06:53:29
Quelle security@atlassian.com
CVE-Watchlists
Login
Unerledigt
Login

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atlassian ≫ Bitbucket Data Center Version >= 5.14.0 < 7.6.14

Atlassian ≫ Bitbucket Data Center Version >= 7.7.0 < 7.17.6

Atlassian ≫ Bitbucket Data Center Version >= 7.18.0 < 7.18.4

Atlassian ≫ Bitbucket Data Center Version >= 7.19.0 < 7.19.4

Atlassian ≫ Bitbucket Data Center Version7.20.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	81.39%	0.991

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html

Patch

Vendor Advisory

https://jira.atlassian.com/browse/BSERV-13173

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-26133

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26133

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26133

EUVD