Is Atlassian Bitbucket Server or Data Center patched against CVE-2022-36804?

Multiple API endpoints in Atlassian Bitbucket Server and Data Center allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This TTP connects to the Bitbucket server with the specified session, project, and repo to check whether commands can be executed.


Test this TTP using one of our Operator chains
Is CVE-2022-36804 patched on Atlassian Bitbucket Server?


A TTP that exploits CVE-2022-36804 in Atlassian Bitbucket Server.