Atlassian: These versions should now be secured
A vulnerability is currently threatening several versions of Atlassian’s version management software. Malicious code attacks on Bitbucket Server and Data Center are possible.
Developers who coordinate their software projects with Atlassian Bitbucket or Data Center should urgently update their systems. A vulnerability classified as “critical” (CVE-2022-43781) currently allows attackers to attack computers with these services and execute their own commands. Details about the gap are hardly available so far.
Affected versions
According to a warning from the software manufacturer, data center and server versions 7.0 to 7.21 are specifically affected. The versions 8.0 to 8.4 are only vulnerable if the “mesh.enabled” function is activated in the settings. Cloud access via bitbucket.org should not be at risk.
Patch now
The following versions should already be secured:
- from 7.6.19
- from 7.17.12
- from 7.21.6
- from 8.0.5
- from 8.1.5
- from 8.2.4
- from 8.3.3
- from 8.4.2
- from 8.5.0
Source: Atlassian