Atlassian Is Actively Being Used To Breach Business Networks

Two widely-used Atlassian Bitbucket instruments – Server and Knowledge Middle, carry an excessive severity flaw that permits distant attackers with learning permissions to a public or non-public Bitbucket repository to execute arbitrary code, consultants have warned.

The flaw is being actively used within the wild, the US Cybersecurity and Infrastructure Company (CISA) has been famous, urging firms that use the instruments to patch their endpoints instantly. Web visitor analysts GreyNoise confirmed CISA’s findings, saying it had discovered proof of the flaw being exploited.

The flaw is tracked as CVE-2022-36804 and was current in model 7.0.Zero of each instrument in which as much as model 8.3.0. Firms which are unable to use the patch instantly ought to flip off public repositories to reduce the chance, Atlassian stated.

Summertime patching

The corporate confirmed the flaw’s existence in late August 2022, however, this isn’t the primary time this yr that Atlassian needed to patch main software program flaws.

Final summer time, a number of its widespread merchandise, together with Jira, Confluence, and Bamboo had been discovered to be carrying two high-severity vulnerabilities that allowed for distant code execution and privilege escalation.

The primary vulnerability is tracked as CVE-2022-26136, an arbitrary Servlet Filter bypass, permitting menace actors to bypass customized Servlet Filters that third-party apps use for authentication. All they’d do is ship a customized, malicious HTTP request.

The second vulnerability is tracked as CVE-2022-26137 and is described as a cross-origin useful resource sharing (CORS) bypass.

“Sending a specifically crafted HTTP request can invoke the Servlet Filter used to reply to CORS requests, leading to a CORS bypass,” Atlassian stated. “An attacker that may trick a consumer into requesting a malicious URL can entry the weak software with the sufferer’s permissions.”

Whereas these two flaws had been present in a handful of Atlassian merchandise, there was another, discovered solely in Confluence. The CVE-2022-26138 flaw is, in truth, a hard-coded password, set as much as assists cloud migrations.

The issues have since been patched.

By way of The Register.