Often when performing application security research, we come across other researchers who have found critical vulnerabilities in software that can inspire us to dig deeper as well. This was the case when we read the blog post from William Bowling about his RCE finding in GitHub Enterprise.
After reading this blog post, we wondered whether or not this methodology for discovering command execution could be replicated on other source code management platforms.
We decided that a good target for this research would be Bitbucket Server, which is typically deployed on-premises and also obviously uses git for many operations within the software.
We found an argument injection vulnerability which ultimately allowed us to execute arbitrary commands through the --exec argument for git. This vulnerability was possible due to the way the underlying process creation library was processing null bytes.
All versions of Bitbucket Server and Data Center released after 6.10.17, including 7.0.0 and newer, are affected. This means that all instances running any version between 7.0.0 and 8.3.0 inclusive are affected by this vulnerability.
This was fixed promptly by Atlassian and they issued CVE-2022-36804 as a result.
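To show why a null byte in a single argument matters, here is an added example (not code from Bitbucket or from the original write-up) that models a launcher packing argv into one NUL-delimited block and the input validation that rejects such values. The packing model, the function names and the sample value are assumptions constructed for illustration.

```python
# Added illustration. Assumption: the process launcher hands argv to the
# child as one byte block in which every argument is terminated by NUL.


class UnsafeArgument(ValueError):
    """Raised when a user-supplied value must not be placed into argv."""


def pack_argv(argv):
    """Model of the launcher: join all arguments into one NUL-delimited block."""
    return b"".join(arg.encode() + b"\0" for arg in argv)


def unpack_argv(block):
    """What the child process receives: the block split on every NUL."""
    return [part.decode() for part in block.split(b"\0")[:-1]]


def smuggled_count(argv):
    """Extra arguments the child sees beyond what the caller intended to pass."""
    return len(unpack_argv(pack_argv(argv))) - len(argv)


def check_value(value):
    """Validate one user-supplied value before it is embedded in an argument."""
    if "\0" in value:
        raise UnsafeArgument("NUL byte would split this value into extra arguments")
    if value.startswith("-"):
        raise UnsafeArgument("value would be parsed as an option")
    return value


def build_archive_argv(fmt, treeish):
    """Build a git argv from validated values only."""
    return ["git", "archive", "--format=" + check_value(fmt), check_value(treeish)]


# Constructed sample: one request parameter carrying an embedded NUL and a
# harmless placeholder option name.
TAINTED_FORMAT = "zip\0--injected-option"
UNVALIDATED_ARGV = ["git", "archive", "--format=" + TAINTED_FORMAT, "HEAD"]

if __name__ == "__main__":
    print("caller passed :", len(UNVALIDATED_ARGV), "arguments")
    print("child receives:", unpack_argv(pack_argv(UNVALIDATED_ARGV)))
    try:
        build_archive_argv(TAINTED_FORMAT, "HEAD")
    except UnsafeArgument as err:
        print("rejected      :", err)
```

The caller believes it passed four arguments, but the child receives five; rejecting NUL bytes and leading dashes before the value reaches argv closes that gap regardless of how the launcher serializes its arguments.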