Atlassian Bitbucket Command Injection Via Archive API
Detects attempts to exploit the Atlassian Bitbucket Command Injection CVE-2022-36804
Sigma rule
title: Atlassian Bitbucket Command Injection Via Archive API
id: 65c0a0ab-d675-4441-bd6b-d3db226a2685
status: test
description: Detects attempts to exploit the Atlassian Bitbucket Command Injection CVE-2022-36804
references:
    - https://twitter.com/_0xf4n9x_/status/1572052954538192901
    - https://www.rapid7.com/blog/post/2022/09/20/cve-2022-36804-easily-exploitable-vulnerability-in-atlassian-bitbucket-server-and-data-center/
    - https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-advisory-2022-08-24-1155489835.html
    - https://blog.assetnote.io/2022/09/14/rce-in-bitbucket-server/
author: Nasreddine Bencherchali (Nextron Systems)
date: 2022-09-29
modified: 2023-01-02
tags:
    - attack.initial-access
    - attack.t1190
    - cve.2022-36804
    - detection.emerging-threats
logsource:
    category: webserver
detection:
    selection:
        cs-uri-query|contains|all:
            - '/rest/api/latest/projects/'
            - 'prefix='
            - '%00--exec'
    condition: selection
falsepositives:
    - Web vulnerability scanners
level: high
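The rule's selection logic applied to access-log lines, as an added example that is not part of the original rule or the Sigma project: it reproduces the contains|all semantics (every substring present, compared case-insensitively as Sigma does by default). Assumptions: a combined-format access log, and matching against the full request target (path plus query), because the rule's first substring is a path; the log lines, IP addresses and PLACEHOLDER values are constructed.

```python
import re

# The three substrings from the rule's selection; contains|all requires every one.
REQUIRED = ("/rest/api/latest/projects/", "prefix=", "%00--exec")

# Assumption: combined log format, where the quoted request is 'METHOD target PROTO'.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def matches_rule(target: str) -> bool:
    """Sigma contains|all: case-insensitive, all substrings must be present."""
    lowered = target.lower()
    return all(needle in lowered for needle in REQUIRED)


def scan(lines):
    """Return (line_number, client_ip, target) for each line the rule selects."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and matches_rule(match.group("target")):
            client_ip = line.split(" ", 1)[0]
            hits.append((number, client_ip, match.group("target")))
    return hits


# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    # Ordinary archive download: has the path and 'prefix=' but no '%00--exec'.
    '198.51.100.7 - - [29/Sep/2022:10:01:02 +0000] "GET /rest/api/latest/projects/'
    'DEMO/repos/demo/archive?format=zip&prefix=release-1.0 HTTP/1.1" 200 5120',
    # All three substrings present: selected.
    '203.0.113.9 - - [29/Sep/2022:10:03:11 +0000] "GET /rest/api/latest/projects/'
    'DEMO/repos/demo/archive?prefix=x%00--exec=PLACEHOLDER HTTP/1.1" 500 312',
    # Same request with mixed case: still selected (case-insensitive match).
    '203.0.113.9 - - [29/Sep/2022:10:03:15 +0000] "GET /rest/api/latest/projects/'
    'DEMO/repos/demo/archive?PREFIX=x%00--EXEC=PLACEHOLDER HTTP/1.1" 500 312',
    # Two substrings on an unrelated path: not selected.
    '192.0.2.44 - - [29/Sep/2022:10:05:40 +0000] "GET /search?q=%00--exec&prefix=a '
    'HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, client_ip, target in scan(SAMPLE_LOG):
        print(f"line {number}: {client_ip} requested {target}")
```

The literal '%00--exec' only matches when the log source records the query URL-encoded as received; a pipeline that decodes the query before logging or indexing will not contain that string.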