Atlassian Bitbucket Command Injection Via Archive API
Detects attempts to exploit the Atlassian Bitbucket Command Injection CVE-2022-36804
Sigma rule (View on GitHub)
1title: Atlassian Bitbucket Command Injection Via Archive API
2id: 65c0a0ab-d675-4441-bd6b-d3db226a2685
3status: test
4description: Detects attempts to exploit the Atlassian Bitbucket Command Injection CVE-2022-36804
5references:
6 - https://twitter.com/_0xf4n9x_/status/1572052954538192901
7 - https://www.rapid7.com/blog/post/2022/09/20/cve-2022-36804-easily-exploitable-vulnerability-in-atlassian-bitbucket-server-and-data-center/
8 - https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-advisory-2022-08-24-1155489835.html
9 - https://blog.assetnote.io/2022/09/14/rce-in-bitbucket-server/
10author: Nasreddine Bencherchali (Nextron Systems)
11date: 2022/09/29
12modified: 2023/01/02
13tags:
14 - attack.initial_access
15 - attack.t1190
16 - cve.2022.36804
17 - detection.emerging_threats
18logsource:
19 category: webserver
20detection:
21 selection:
22 cs-uri-query|contains|all:
23 - '/rest/api/latest/projects/'
24 - 'prefix='
25 - '%00--exec'
26 condition: selection
27falsepositives:
28 - Web vulnerability scanners
29level: high
References
-
-
On August 24, 2022, Atlassian published an advisory for Bitbucket Server and Data Center alerting users to CVE-2022-36804.
Read More -
-
Introduction Often when performing application security research, we come across other researchers who have found critical vulnerabilities in software that can inspire us to dig deeper as well. Thi...
Read More
Related rules
- Apache Spark Shell Command Injection - Weblogs
- CVE-2021-41773 Exploitation Attempt
- CVE-2022-31656 VMware Workspace ONE Access Auth Bypass
- CVE-2022-31659 VMware Workspace ONE Access RCE
- Log4j RCE CVE-2021-44228 in Fields