Bitbucket Server command injection enabling unauthenticated RCE, exploited at scale by ransomware groups including SCATTERED SPIDER within days. Update Bitbucket to a patched version or take internet-facing instances offline. Review all repository access logs.
Bitbucket Server and Data Center had a command injection vulnerability via the comment feature that allowed remote code execution with the permissions of the Bitbucket user.