Vulnerability Description
SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Bitbucket Data Center | >= 5.14.0, < 7.6.14 |
Related Weaknesses (CWE)
References
- https://confluence.atlassian.com/security/multiple-products-security-advisory-haPatchVendor Advisory
- https://jira.atlassian.com/browse/BSERV-13173Vendor Advisory
- https://confluence.atlassian.com/security/multiple-products-security-advisory-haPatchVendor Advisory
- https://jira.atlassian.com/browse/BSERV-13173Vendor Advisory
FAQ
What is CVE-2022-26133?
CVE-2022-26133 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior t...
How severe is CVE-2022-26133?
CVE-2022-26133 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-26133?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Bitbucket Data Center.