Atlassian is being actively exploited to compromise corporate networks

By James On Oct 5, 2022

Two widely used Atlassian Bitbucket tools – Server and Data Center, have a very serious flaw that could allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code, experts warn.

The flaw is being actively used in the wild, the US Cybersecurity and Infrastructure Agency (CISA) has noted, urging companies using the tools to patch (opens in new tab) their endpoints (opens in new tab) straight away. Internet traffic analysts GreyNoise confirmed CISA’s findings, saying it had found evidence that the flaw was being exploited.

The error is tracked as CVE-2022-36804 and was present in version 7.0.0 of both tools up to version 8.3.0. Companies that can’t apply the patch immediately should disable public repositories to minimize the risk, Atlassian said.

Summer Patching

The company confirmed the bug’s existence in late August 2022, but this isn’t the first time this year Atlassian has had to patch major software bugs.

Last summer, several of its popular products, including Jira, Confluence, and Bamboo, were found to contain two very serious vulnerabilities that could allow remote code execution and escalation of privileges.

The first vulnerability is tracked as CVE-2022-26136, an arbitrary Servlet Filter bypass, which allows threat actors to bypass custom Servlet filters that use third-party apps for authentication. All they have to do is send a custom malicious HTTP request.

The second vulnerability is tracked as CVE-2022-26137 and is described as a cross-origin resource sharing (CORS) bypass.

“Sending a specially crafted HTTP request can invoke the Servlet filter used to respond to CORS requests, resulting in a CORS bypass,” Atlassian said. rights.”

While these two flaws were found in a handful of Atlassian products, there was another one, found only in Confluence. The CVE-2022-26138 error is actually a hardcoded password, set up to help cloud migrations.

The flaws have now been rectified.

Through: The register (opens in new tab)