Atlassian fixes critical command injection bug in Bitbucket Server


Atlassian has released updates that fix critical-severity issues in Crowd Server and Data Center, the company’s centralised identity management platform, and in Bitbucket Server and Data Center, its Git repository management tool. Both security flaws, which were given a severity rating of 9 out of 10, affect various product versions.

The Crowd Server and Data Center flaw, which is classified as critical and tracked as CVE-2022-43782, is a misconfiguration that lets an attacker skip password checks while authenticating as the Crowd app and contact privileged API endpoints.
