CVE-2022-26133

CVE Database · CVE-2022-26133

CVE-2022-26133

· CRITICALModified

CVSS v3.1

9.8

EPSS

71.39%

Published

Apr 20, 2022

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-502CWE-502

Affected Products (5)

atlassian · bitbucket_data_center (up to 7.6.14)vulnerable

atlassian · bitbucket_data_center (up to 7.17.6)vulnerable

atlassian · bitbucket_data_center (up to 7.18.4)vulnerable

atlassian · bitbucket_data_center (up to 7.19.4)vulnerable

atlassian · bitbucket_data_centervulnerable

References (4)

https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html