Rewterz Threat Alert – APT38 Hidden Cobra aka Lazarus – Active IOCs
November 23, 2022Rewterz Threat Advisory – CVE-2022-43781 – Atlassian Bitbucket Server and Data Center Vulnerability
November 23, 2022Rewterz Threat Alert – APT38 Hidden Cobra aka Lazarus – Active IOCs
November 23, 2022Rewterz Threat Advisory – CVE-2022-43781 – Atlassian Bitbucket Server and Data Center Vulnerability
November 23, 2022Severity
High
Analysis Summary
CVE-2022-43782
Atlassian Crowd could allow a remote attacker to bypass security restrictions, caused by a security misconfiguration flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to authenticate as the crowd application and call privileged endpoints in Crowd’s REST API under the {{usermanagement}} path.
Impact
Security Bypass
Indicators Of Compromise
CVE
- CVE-2022-43782
Affected Vendors
Atlassian
Affected Products
- Atlassian Crowd 3.0.0
- Atlassian Crowd 4.0.0
- Atlassian Crowd 5.0.0
Remediation
Upgrade to the latest version of Atlassian Crowd, available from the Atlassian Website.