{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-068.pdf"
    },
    "title": "High Severity Vulnerability in Bitbucket Data Center and Server",
    "serial_number": "2023-068",
    "publish_date": "20-09-2023 15:17:50",
    "description": "On September 19, Atlassian released a security bulletin addressing several vulnerabilities among which a high severity vulnerability, identified by \"CVE-2023-22513\", that could allow an authenticated attacker to execute arbitrary code on the server.<br>\nIt is recommended updating as soon as possible.<br>\n",
    "url_title": "2023-068",
    "content_markdown": "---\ntitle: 'High Severity Vulnerability in\u00a0Bitbucket Data Center and Server' \nversion: '1.0'\nnumber: '2023-068'\noriginal_date: 'September 19, 2023'\ndate: 'September 20, 2023'\n---\n\n_History:_\n\n* _20/09/2023 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn September 19, Atlassian released a security bulletin addressing several vulnerabilities among which a high severity vulnerability, identified by `CVE-2023-22513`, that could allow an authenticated attacker to execute arbitrary code on the server.\n\nIt is recommended updating as soon as possible.\n\n# Technical Details\n\nThe vulnerability `CVE-2023-22513`, with a CVSS Score of 8.5, could allow an authenticated attacker to execute arbitrary code on the server, which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.\n\n# Affected Products\n\nThis vulnerability affects Atlassian Bitbucket Data Center and Server versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 [2].\n \n# Recommendations\n\nCERT-EU strongly recommends that all installations running a version affected by the issues described above are upgraded to the latest version as soon as possible.\n\n## Workaround\n\nWhen it is not possible to upgrade affected servers to the latest version, it is recommended upgrading them to one of the specified supported fixed versions:\n\n- Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5\n- Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5\n- Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4\n- Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2\n- Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1\n- Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0\n- Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions.\n\n# References\n\n[1] <https://confluence.atlassian.com/security/security-bulletin-september-19-2023-1283691616.html>\n\n[2] <https://jira.atlassian.com/browse/BSERV-14419>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>20/09/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On September 19, Atlassian released a security bulletin addressing several vulnerabilities among which a high severity vulnerability, identified by <code>CVE-2023-22513</code>, that could allow an authenticated attacker to execute arbitrary code on the server.</p><p>It is recommended updating as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <code>CVE-2023-22513</code>, with a CVSS Score of 8.5, could allow an authenticated attacker to execute arbitrary code on the server, which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.</p><h2 id=\"affected-products\">Affected Products</h2><p>This vulnerability affects Atlassian Bitbucket Data Center and Server versions 8.0.0, 8.1.0, 8.2.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0, 8.11.0, 8.12.0, and 8.13.0 [2].</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends that all installations running a version affected by the issues described above are upgraded to the latest version as soon as possible.</p><h3 id=\"workaround\">Workaround</h3><p>When it is not possible to upgrade affected servers to the latest version, it is recommended upgrading them to one of the specified supported fixed versions:</p><ul><li>Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5</li><li>Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5</li><li>Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4</li><li>Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2</li><li>Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1</li><li>Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0</li><li>Bitbucket Data Center and Server version &gt;= 8.0 and &lt; 8.9: Upgrade to any of the listed fix versions.</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://confluence.atlassian.com/security/security-bulletin-september-19-2023-1283691616.html\">https://confluence.atlassian.com/security/security-bulletin-september-19-2023-1283691616.html</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://jira.atlassian.com/browse/BSERV-14419\">https://jira.atlassian.com/browse/BSERV-14419</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}