search

google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0
860 stars 178 forks source link

PRP: Request Atlassian Bitbucket Server and Data Center RCE (CVE-2022-36804) #266

Open SuperX-SIR opened 1 year ago

SuperX-SIR commented 1 year ago

Hello. I want to contribute to the tsunami scanner with a detector plugin to detect CVE-2022-36804 vulnerability

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-36804 https://jira.atlassian.com/browse/BSERV-13438 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36804

Description

The vulnerability has been assigned a CVE ID CVE-2022-36804 , the severity level of the vulnerability is Critical : CVSS v3 score: 9.9 => Critical severityhttps://asecurityteam.bitbucket.io/cvss_v3/#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

There is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. An attacker with access to a public Bitbucket repository(remote, unauthenticated attacker ) or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request.

versions

All versions released after 6.10.17 including 7.0.0 and newer are affected, this means that all instances that are running any versions between 7.0.0 and 8.3.0 inclusive can be exploited by this vulnerability.

maoning commented 1 year ago

Hi @SuperX-SIR ,

Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.

Please keep in mind that the Tsunami Scanner Team will only be able to work at one issue at a time for each participant so please hold on the implementation work for any other requests you might have.

Thanks!