SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
References
Link | Resource |
---|---|
https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html | Patch Vendor Advisory |
https://jira.atlassian.com/browse/BSERV-13173 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2022-03-24T00:00:00
Updated: 2022-04-20T18:30:19
Reserved: 2022-02-25T00:00:00
Link: CVE-2022-26133
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-20T19:15:08.157
Modified: 2022-04-28T17:50:56.293
Link: CVE-2022-26133
JSON object: View
Redhat Information
No data.
CWE