Is CVE-2022-43781 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Atlassian Bitbucket Data Center

CVE-2022-43781

There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerab…

EPSS: 0.875 (99.5th percentile) — read the EPSS interpretation.

Affected products

Atlassian Bitbucket Data Center — versions before 7.0, before 7.17.12, before 7.21.6
Atlassian Bitbucket Server — versions before 7.0, before 7.17.12, before 7.21.6

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon
Luhaozhhhe/360_

References

confluence.atlassian.com/x/Y4hXRg
jira.atlassian.com/browse/BSERV-13522

Frequently asked questions

What is CVE-2022-43781?: CVE-2022-43781 is a vulnerability in Atlassian Bitbucket Data Center. Published 2022-11-17.
Is CVE-2022-43781 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.