CVE-2022-26133

EPSS 71.39%
Veröffentlicht 20.04.2022 19:15:08
Zuletzt bearbeitet 21.11.2024 06:53:29
Quelle security@atlassian.com
CVE-Watchlists
Login
Unerledigt
Login

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 5 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atlassian ≫ Bitbucket Data Center Version >= 5.14.0 < 7.6.14

Atlassian ≫ Bitbucket Data Center Version >= 7.7.0 < 7.17.6

Atlassian ≫ Bitbucket Data Center Version >= 7.18.0 < 7.18.4

Atlassian ≫ Bitbucket Data Center Version >= 7.19.0 < 7.19.4

Atlassian ≫ Bitbucket Data Center Version7.20.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	71.39%	0.993

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html

Patch

Vendor Advisory

https://jira.atlassian.com/browse/BSERV-13173

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-26133

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26133

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26133

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-26133