SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
References
| Link | Resource |
|---|---|
| https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html | Patch Vendor Advisory |
| https://jira.atlassian.com/browse/BSERV-13173 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Apr 2022, 17:50
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
| CWE | CWE-502 | |
| CPE | cpe:2.3:a:atlassian:bitbucket_data_center:7.20.0:*:*:*:*:*:*:* cpe:2.3:a:atlassian:bitbucket_data_center:*:*:*:*:*:*:*:* |
|
| First Time |
Atlassian bitbucket Data Center
Atlassian |
|
| References | (MISC) https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html - Patch, Vendor Advisory | |
| References | (MISC) https://jira.atlassian.com/browse/BSERV-13173 - Vendor Advisory |
20 Apr 2022, 19:20
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-20 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-26133
Mitre link : CVE-2022-26133
CVE.ORG link : CVE-2022-26133
JSON object : View
Products Affected
atlassian
- bitbucket_data_center
CWE
CWE-502
Deserialization of Untrusted Data