Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center

Published 2022-08-26 (teknomers.com, French edition; translated from The Hacker News, source link at the end)

Atlassian has rolled out fixes for a critical security flaw (https://confluence.atlassian.com/security/august-2022-atlassian-security-advisories-overview-1155155092.html) in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations.

Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests.

"An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request," Atlassian said in an advisory (https://confluence.atlassian.com/bitbucketserver/bitbucket-server-and-data-center-advisory-2022-08-24-1155489835.html).

The shortcoming, discovered and reported by security researcher @TheGrandPew (https://twitter.com/TheGrandPew), affects all versions of Bitbucket Server and Datacenter released after version 6.10.17, including version 7.0.0 and later:

- Bitbucket Server and Datacenter 7.6
- Bitbucket Server and Datacenter 7.17
- Bitbucket Server and Datacenter 7.21
- Bitbucket Server and Datacenter 8.0
- Bitbucket Server and Datacenter 8.1
- Bitbucket Server and Datacenter 8.2, and
- Bitbucket Server and Datacenter 8.3

As a temporary workaround in scenarios where the patches cannot be applied immediately, Atlassian recommends disabling public repositories by setting "feature.public.access=false" to prevent unauthorized users from exploiting the flaw.

"This cannot be considered a complete mitigation as an attacker with a user account could still succeed," it cautioned, meaning the flaw could still be exploited by threat actors who already hold valid credentials obtained by other means.

Users of affected versions of the software are advised to upgrade their instances to the latest version as soon as possible to mitigate potential threats.

Source: https://thehackernews.com/2022/08/critical-vulnerability-discovered-in.html