CVE-2022-26133
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Atlassian | Bitbucket Data Center | 5.14.0 < unspecified | affected |
| Atlassian | Bitbucket Data Center | unspecified < 7.6.14 | affected |
| Atlassian | Bitbucket Data Center | 7.7.0 < unspecified | affected |
| Atlassian | Bitbucket Data Center | unspecified < 7.17.6 | affected |
| Atlassian | Bitbucket Data Center | 7.18.0 < unspecified | affected |
| Atlassian | Bitbucket Data Center | unspecified < 7.18.4 | affected |
| Atlassian | Bitbucket Data Center | 7.19.0 < unspecified | affected |
| Atlassian | Bitbucket Data Center | unspecified < 7.19.4 | affected |
| Atlassian | Bitbucket Data Center | 7.20.0 | affected |
Weaknesses
- Deserialization of untrusted data
ADP Enrichment
CVE Program Container
Additional References
- https://jira.atlassian.com/browse/BSERV-13173
- https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://jira.atlassian.com/browse/BSERV-13173
- https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.