Run Pneuma agent using CVE-2022-36804

Multiple API endpoints in Atlassian Bitbucket Server and Data Center allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This TTP connects to Bitbucket, executes a basic command, and if successful, deploys a pneuma agent on the host.
View Command

To view this TTPs command, you must be logged in with a professional or enterprise license.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Is CVE-2022-36804 patched on Atlassian Bitbucket Server?


A TTP that exploits CVE-2022-36804 in Atlassian Bitbucket Server.