Exploit for #VU66798 OS Command Injection in Bitbucket Server and Bitbucket Data Center

Published: 2022-09-19 | Updated: 2024-03-22

Vulnerability identifier: #VU66798

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-36804

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 15

March 22, 2024
- CVE-2022-36804-ReverseShell (PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)) [Github]
January 25, 2023
- cve-2022-36804 (A critical command injection vulnerability was found in multiple API endpoints of the Atlassian Bit bucket Server and Data center. This vulnerability affects all versions of Bitbucket Server and Data Center released before versions <7.6.17 [Github]
December 20, 2022
- CVE-2022-36804 () [Github]
October 26, 2022
- CVE-2022-36804 (You can find a python script to exploit the vulnerability on Bitbucket related CVE-2022-36804.) [Github]
October 6, 2022
- CVE-2022-36804 () [Github]
October 4, 2022
- CVE-2022-36804 (Atlassian Bitbucket Server and Data Center - Command Injection Vulnerability (CVE-2022-36804)) [Github]
October 2, 2022
- CVE-2022-36804-ReverseShell () [Github]
September 26, 2022
- CVE-2022-36804 (A loader for bitbucket 2022 rce (cve-2022-36804)) [Github]
September 25, 2022
- cve-2022-36804 (A simple PoC for Atlassian Bitbucket RCE [CVE-2022-36804]) [Github]
- CVE-2022-36804-ReverseShell (PoC exploit for CVE-2022-36804 (BitBucket Critical Command Injection)) [Github]
September 21, 2022
- Bitbucket Git Command Injection [Metasploit]
September 20, 2022
- CVE-2022-36804-PoC-Exploit (Somewhat Reliable PoC Exploit for CVE-2022-36804 (BitBucket Critical Command Injection)) [Github]
- bitbucket-cve-2022-36804 (CVE-2022-36804 Atlassian Bitbucket Command Injection Vulnerability) [Github]
September 19, 2022
- CVE-2022-36804 (A real exploit for BitBucket RCE CVE-2022-36804) [Github]
- CVE-2022-36804-PoC (Multithreaded exploit script for CVE-2022-36804 affecting BitBucket versions <8.3.1) [Github]

Impact: Code execution

Vulnerable software:
Bitbucket Server
Server applications / Application servers
Bitbucket Data Center
Server applications / Other server solutions

Vendor: Atlassian