I. Basic Information for CVE-2022-36804
Vulnerability Information

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Atlassian Bitbucket Server Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
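Atlassian Bitbucket Server is a Git code hosting solution from the Australian company Atlassian. It can manage and review code, and offers features such as diff views, JIRA integration and build integration. A security vulnerability exists in Atlassian Bitbucket Server and Data Center: it allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. The following products and versions are affected: 7.0.0 before 7.6.17, 7.7.0 before 7.17.10, 7.18.0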
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
Vendor | Product | Affected Versions | CPE
Atlassian | Bitbucket Server | 7.0.0 ~ unspecified | -
Atlassian | Bitbucket Data Center | 7.0.0 ~ unspecified | -
II. Public POCs for CVE-2022-36804
# | POC Description | Source Link
1 | A real exploit for BitBucket RCE CVE-2022-36804 | https://github.com/notdls/CVE-2022-36804
2 | Multithreaded exploit script for CVE-2022-36804 affecting BitBucket versions <8.3.1 | https://github.com/notxesh/CVE-2022-36804-PoC
3 | A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances. | https://github.com/JRandomSage/CVE-2022-36804-MASS-RCE
4 | Somewhat Reliable PoC Exploit for CVE-2022-36804 (BitBucket Critical Command Injection) | https://github.com/benjaminhays/CVE-2022-36804-PoC-Exploit
5 | CVE-2022-36804 Atlassian Bitbucket Command Injection Vulnerability | https://github.com/Vulnmachines/bitbucket-cve-2022-36804
6 | Bitbucket CVE-2022-36804 unauthenticated remote command execution | https://github.com/kljunowsky/CVE-2022-36804-POC
7 | PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection) | https://github.com/Chocapikk/CVE-2022-36804-ReverseShell
8 | You can find a python script to exploit the vulnerability on Bitbucket related CVE-2022-36804. | https://github.com/khal4n1/CVE-2022-36804
9 | PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection) | https://github.com/vj4336/CVE-2022-36804-ReverseShell
10 | A simple PoC for Atlassian Bitbucket RCE [CVE-2022-36804] | https://github.com/tahtaciburak/cve-2022-36804
11 | A loader for bitbucket 2022 rce (cve-2022-36804) | https://github.com/Inplex-sys/CVE-2022-36804
12 | Atlassian Bitbucket Server and Data Center - Command Injection Vulnerability (CVE-2022-36804) | https://github.com/ColdFusionX/CVE-2022-36804
13 | None | https://github.com/Jhonsonwannaa/CVE-2022-36804
14 | None | https://github.com/devengpk/CVE-2022-36804
15 | A critical command injection vulnerability was found in multiple API endpoints of the Atlassian Bit bucket Server and Data center. This vulnerability affects all versions of Bitbucket Server and Data Center released before versions <7.6.17, <7.17.10, <7.21.4, <8.0.3, <8.1.2, <8.2.2, and <8.3.1 | https://github.com/walnutsecurity/cve-2022-36804
16 | None | https://github.com/imbas007/Atlassian-Bitbucket-CVE-2022-36804
17 | PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection) | https://github.com/0xEleven/CVE-2022-36804-ReverseShell
18 | None | https://github.com/mpvx/CVE-2022-36804
19 | None | https://github.com/asepsaepdin/CVE-2022-36804
20 | None | https://github.com/ui-bootstrap/CVE-2022-36804
21 | Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-36804.yaml
22 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Atlassian%20Bitbucket%20archive%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2022-36804.md
23 | A loader for bitbucket 2022 rce (cve-2022-36804) | https://github.com/SystemVll/CVE-2022-36804