Atlassian Bitbucket is a Git-based repository management solution that provides source code hosting and sharing capabilities.
Tracked as CVE-2022-36804 (CVSS score of 9.9), the now-exploited vulnerability is described as a command injection bug that impacts multiple API endpoints of Bitbucket Server and Data Center.
“An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request,” Atlassian explains.