Vulnerability title
N/A
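Vulnerability description
This is a high-severity RCE (remote code execution) vulnerability present in Bitbucket Data Center and Server version 8.0.0. This RCE (remote code execution) vulnerability, with a CVSS score of 8.5, allows an authenticated attacker to execute arbitrary code, with high impact to confidentiality, high impact to integrity, and high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to the latest version; if you are unable to upgrade, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: upgrade to a release greater than or equal to 8.9.5; Bitbucket Data Center and Server 8.10: upgrade to a release greater than or equal to 8.10.5; Bitbucket Data Center and Server 8.11: upgrade to a release greater than or equal to 8.11.4; Bitbucket Data Center and Server 8.12: upgrade to a release greater than or equal to 8.12.2; Bitbucket Data Center and Server 8.13: upgrade to a release greater than or equal to 8.13.1; Bitbucket Data Center and Server 8.14: upgrade to a release greater than or equal to 8.14.0. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program.
CVSS information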
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability category
Improper Control of Generation of Code (Code Injection)
Vulnerability title
N/A
Vulnerability description
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5; Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5; Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4; Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2; Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1; Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0; Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program.
CVSS information
N/A
Vulnerability category
N/A
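Vulnerability title
Bitbucket Data Center and Server security vulnerability
Vulnerability description
Bitbucket Data Center and Server is a data management center from the Bitbucket company. A security vulnerability exists in Bitbucket Data Center and Server version 8.0.0. An attacker can exploit this vulnerability to execute arbitrary code.
CVSS information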
N/A
Vulnerability category
Other