As BSI stories now, vulnerabilities have been recognized for Atlassian Bitbucket. You can learn the outline of the safety vulnerability and the record of affected working methods and merchandise right here.
Federal Office for Security in Information Technology (BSI) reported the Atlassian Bitbucket safety advisory on May 21, 2024. The report factors to a number of vulnerabilities that make the assault doable. The safety vulnerability impacts UNIX and Windows purposes and the Atlassian Bitbucket product.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability might be discovered right here: Atlassian Vulnerability BAM-25774 (From 21 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple vulnerabilities reported for Atlassian Bitbucket – Risk: High
Risk stage: 3 (excessive)
CVSS Base Score: 8.2
CVSS provisional rating: 7,1
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc methods. The CVSS customary makes it doable to match potential or precise safety dangers primarily based on numerous metrics with a view to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, consumer interplay) and its outcomes. For momentary impact, body situations that will change over time are thought-about within the take a look at. According to CVSS, the chance of the vulnerability talked about right here is rated as “excessive” on the premise of 8.2 factors.
Atlassian Bitbucket Bug: Vulnerabilities and CVE numbers
Bitbucket is a Git server for supply code model management.
A distant, unknown attacker may exploit a number of vulnerabilities in Atlassian Bitbucket to compromise privateness and integrity.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) ID numbers. CVE-2024-22257 and CVE-2024-22262 on the market.
Systems affected by the safety hole at a look
Operating methods
UNIX, Windows
Products
Atlassian Bitbucket Atlassian Bitbucket Atlassian Bitbucket Atlassian Bitbucket
General suggestions for addressing IT safety gaps
- Users of affected methods ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by creating a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This usually comprises extra details about the most recent model of the software program in query and the provision of safety patches or efficiency ideas.
- If you’ve gotten any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to usually verify the required sources to see if a brand new safety replace is on the market.
Manufacturer details about updates, patches and workarounds
Here you’ll discover some hyperlinks with details about bug stories, safety fixes and workarounds.
Atlassian Vulnerability BAM-25774 vom 2024-05-21 (21.05.2024)
For extra info, see:
Atlassian Vulnerability BAM-25774 vom 2024-05-21 (21.05.2024)
For extra info, see:
Atlassian Security Bulletin May 2024 vom 2024-05-21 (21.05.2024)
For extra info, see:
Version historical past of this safety alert
This is the primary model of this IT safety discover for Atlassian Bitbucket. If updates are introduced, this doc can be up to date. You can examine adjustments or additions on this model historical past.
May 21, 2024 – First model
+++ Editorial word: This doc is predicated on present BSI information and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll discover sizzling information, present movies and a direct line to the editorial crew.
kns/roj/information.de