{"id":392297,"date":"2022-10-01T12:06:40","date_gmt":"2022-10-01T14:06:40","guid":{"rendered":"https:\/\/teknomers.com\/fr\/la-cisa-met-en-garde-contre-les-pirates-exploitant-une-vulnerabilite-critique-du-serveur-atlassian-bitbucket\/"},"modified":"2022-10-01T12:06:41","modified_gmt":"2022-10-01T14:06:41","slug":"la-cisa-met-en-garde-contre-les-pirates-exploitant-une-vulnerabilite-critique-du-serveur-atlassian-bitbucket","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/la-cisa-met-en-garde-contre-les-pirates-exploitant-une-vulnerabilite-critique-du-serveur-atlassian-bitbucket\/","title":{"rendered":"La CISA met en garde contre les pirates exploitant une vuln\u00e9rabilit\u00e9 critique du serveur Atlassian Bitbucket"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Vendredi, l&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/09\/30\/cisa-adds-three-known-exploited-vulnerabilities-catalog\" target=\"_blank\">ajout\u00e9e<\/a> une faille critique r\u00e9cemment r\u00e9v\u00e9l\u00e9e affectant le serveur et le centre de donn\u00e9es Bitbucket d&#8217;Atlassian aux vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (<a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\">KEV<\/a>) catalogue, citant des preuves d&#8217;exploitation active.<\/p>\n<p>Suivi sous le nom de CVE-2022-36804, le probl\u00e8me concerne une vuln\u00e9rabilit\u00e9 d&#8217;injection de commande qui pourrait permettre \u00e0 des acteurs malveillants d&#8217;obtenir l&#8217;ex\u00e9cution de code arbitraire sur des installations sensibles en envoyant une requ\u00eate HTTP sp\u00e9cialement con\u00e7ue.<\/p>\n<p>Cependant, une exploitation r\u00e9ussie repose sur la condition pr\u00e9alable que l&#8217;attaquant ait d\u00e9j\u00e0 acc\u00e8s \u00e0 un r\u00e9f\u00e9rentiel public ou poss\u00e8de des autorisations de lecture sur un r\u00e9f\u00e9rentiel Bitbucket priv\u00e9.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>&#8220;Toutes les versions de Bitbucket Server et Datacenter publi\u00e9es apr\u00e8s 6.10.17, y compris 7.0.0 et les versions ult\u00e9rieures, sont affect\u00e9es, cela signifie que toutes les instances qui ex\u00e9cutent des versions comprises entre 7.0.0 et 8.3.0 inclus sont affect\u00e9es par cette vuln\u00e9rabilit\u00e9&#8221;, Atlassian <a rel=\"nofollow noopener\" href=\"https:\/\/confluence.atlassian.com\/bitbucketserver\/bitbucket-server-and-data-center-advisory-2022-08-24-1155489835.html\" target=\"_blank\">c&#8217;est not\u00e9<\/a> dans un avis fin ao\u00fbt 2022.<\/p>\n<p>CISA n&#8217;a pas fourni plus de d\u00e9tails sur la fa\u00e7on dont la faille est exploit\u00e9e et sur l&#8217;\u00e9tendue des efforts d&#8217;exploitation, mais GreyNoise <a rel=\"nofollow noopener\" href=\"https:\/\/viz.greynoise.io\/tag\/atlassian-bitbucket-server-rce-attempt?days=30\" target=\"_blank\">a dit<\/a> il a d\u00e9tect\u00e9 des preuves de pr\u00e9sence dans la nature les 20 et 23 septembre.<\/p>\n<p>En tant que contre-mesures, toutes les agences du pouvoir ex\u00e9cutif civil f\u00e9d\u00e9ral (FCEB) sont tenues de rem\u00e9dier aux vuln\u00e9rabilit\u00e9s d&#8217;ici le 21 octobre 2022 pour prot\u00e9ger les r\u00e9seaux contre les menaces actives.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/10\/cisa-warns-of-hackers-exploiting.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Vendredi, l&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) ajout\u00e9e une faille critique r\u00e9cemment r\u00e9v\u00e9l\u00e9e affectant le serveur et le centre de donn\u00e9es Bitbucket d&#8217;Atlassian aux vuln\u00e9rabilit\u00e9s exploit\u00e9es connues (KEV) catalogue, citant des preuves d&#8217;exploitation active. Suivi sous le nom de CVE-2022-36804, le probl\u00e8me concerne une vuln\u00e9rabilit\u00e9 d&#8217;injection de commande qui pourrait permettre [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":392298,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[54518,103596,4805,4168,841,22,4158,4165,4161,29063,525,4157,4159,4171,4170,65,4167,4955,4160,4163,4162,4394,4172,4169,32855,196,4166,3667,4164],"class_list":["post-392297","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-atlassian","tag-bitbucket","tag-cisa","tag-comment-pirater","tag-contre","tag-critique","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-exploitant","tag-garde","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-met","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pirates","tag-securite-informatique","tag-securite-internet","tag-serveur","tag-une","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/392297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=392297"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/392297\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/392298"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=392297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=392297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=392297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}