The vulnerability is located in the Bitbucket Server v2.0 API, which is exposed over HTTP. The affected API endpoints are:

/repositories/{repository-id}/config/settings/users/{user-id}/roles/{role-id}
/repositories/{repository-id}/config/users/{user-id}/roles/{role-id}
/repositories/{repository-id}/config/users/{user-id}/roles/{role-id}/permission
/repositories/{repository-id}/config/users/{user-id}/roles/{role-id}/permission/{permission-id}

This can be exploited by first compromising a user account and then sending a malicious request to one of these API endpoints. An attacker can send the malicious request via email, or by modifying a web-based application so that it sends the request. The API server receives the request and executes the code in the API endpoints, which results in remote code execution.

At the time of this writing, there is no patch available to fix this vulnerability. To mitigate the risk, you should regularly review the permissions that are granted to each user. If you notice that a user has been given permission to edit

Bitbucket Server v3.0 API

The issue with this vulnerability is that it is not easy to detect. The malicious request will not be blocked by Bitbucket Server, and the execution of the code will go unnoticed.
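Because the advisory says such requests are not blocked by Bitbucket Server itself, a defender has to find them in the access log. The following is an added example, not part of the advisory and not Bitbucket code: it turns the four endpoint templates listed above into path matchers and scans access-log lines for requests to them, flagging state-changing methods (POST, PUT, PATCH, DELETE) separately from reads. The Common Log Format layout and the sample log lines are constructed assumptions for the demonstration; adapt the line regex to the real log format of the server being monitored.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Endpoint templates exactly as listed in the advisory; each {...} placeholder is one path segment.
AFFECTED_ENDPOINTS = [
    "/repositories/{repository-id}/config/settings/users/{user-id}/roles/{role-id}",
    "/repositories/{repository-id}/config/users/{user-id}/roles/{role-id}",
    "/repositories/{repository-id}/config/users/{user-id}/roles/{role-id}/permission",
    "/repositories/{repository-id}/config/users/{user-id}/roles/{role-id}/permission/{permission-id}",
]

WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Common Log Format (assumption for this example): client ident user [time] "METHOD target HTTP/x" status ...
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)


def template_to_regex(template: str) -> re.Pattern:
    """Convert an endpoint template into a regex; {name} placeholders match one path segment."""
    segments = []
    for seg in template.strip("/").split("/"):
        if seg.startswith("{") and seg.endswith("}"):
            segments.append(r"[^/]+")
        else:
            segments.append(re.escape(seg))
    # No leading ^ so that any API mount prefix is accepted before the listed path;
    # the trailing $ keeps a shorter template from matching a longer sibling path.
    return re.compile("/" + "/".join(segments) + r"/?$")


ENDPOINT_PATTERNS = [template_to_regex(t) for t in AFFECTED_ENDPOINTS]


@dataclass
class Finding:
    client: str
    user: str
    time: str
    method: str
    path: str
    status: int
    write: bool  # True when the method can change roles or permissions


def match_endpoint(path: str) -> Optional[str]:
    """Return the advisory template that the request path matches, or None."""
    for template, pattern in zip(AFFECTED_ENDPOINTS, ENDPOINT_PATTERNS):
        if pattern.search(path):
            return template
    return None


def scan_access_log(lines: List[str]) -> List[Finding]:
    """Return one Finding per log line that targets an affected endpoint."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # line is not in the expected format; skip it
        path = m.group("target").split("?", 1)[0]  # drop the query string before matching
        if match_endpoint(path) is None:
            continue
        findings.append(Finding(
            client=m.group("client"), user=m.group("user"), time=m.group("time"),
            method=m.group("method"), path=path, status=int(m.group("status")),
            write=m.group("method") in WRITE_METHODS,
        ))
    return findings


# Constructed sample log lines (not real traffic): two reads, one of them to an unrelated path,
# and two writes to affected endpoints, one of which the server rejected with 403.
SAMPLE_LOG = [
    '10.0.0.5 - alice [25/Aug/2022:06:15:00 +0000] "GET /rest/api/2.0/repositories/42/config/users/17/roles/3 HTTP/1.1" 200 512',
    '10.0.0.9 - bob [25/Aug/2022:06:16:02 +0000] "PUT /repositories/42/config/users/17/roles/3/permission/9?force=true HTTP/1.1" 200 88',
    '10.0.0.9 - bob [25/Aug/2022:06:16:05 +0000] "GET /repositories/42/browse HTTP/1.1" 200 1024',
    '10.0.0.7 - - [25/Aug/2022:06:17:30 +0000] "DELETE /repositories/42/config/settings/users/17/roles/3 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        tag = "WRITE" if f.write else "read "
        print(f"{tag} {f.time} {f.client} user={f.user} {f.method} {f.path} -> {f.status}")
```

Writes to these endpoints from accounts that are not expected to administer the repository, or bursts of them from one client, are the events worth alerting on; the read hits are useful for baselining which clients legitimately use the endpoints. Because the templates are matched as path suffixes, the same matcher works whether the API is mounted at the root or under a prefix.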

Timeline

Published on: 08/25/2022 06:15:00 UTC
Last modified on: 08/31/2022 16:39:00 UTC
