CVE-2023-22513

CWE-94Code Injection3 documents3 sources
Severity
8.8HIGH
EPSS
11.6%
top 6.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian Bitbucket Data CenterAtlassian Bitbucket Server
Timeline
PublishedSep 19

Description

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

NVDatlassian/bitbucket_data_center8.9.08.9.5+4
CVEListV5atlassian/bitbucket_data_center14 versions+13
NVDatlassian/bitbucket_server8.9.08.9.5+4
CVEListV5atlassian/bitbucket_server14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-3f2j-57ff-r6p5: This High severity RCE (Remote Code Execution) vulnerability was introduced in version 82023-09-19
CVEList
CVE-2023-22513: This High severity RCE (Remote Code Execution) vulnerability was introduced in version 82023-09-19