Free

CVE Series: Atlassian Bitbucket Command Injection (CVE-2022-36804)

The Atlassian Bitbucket command injection flaw (CVE-2022-36804) is a remote, unauthenticated, command injection vulnerability affecting application programming interface (API) endpoints in Bitbucket Server and Data Center. Stop an attacker from stealing sensitive information or installing malware as you exploit and mitigate this vulnerability!

Start Course Need to train your team? Learn more

Create Free Account Need to train your team? Learn more

Time

intermediate

difficulty

ceu/cpe

Course Content

Atlassian Bitbucket Vulnerability Exploitation and Mitigation

Course Description

## Why Take This Course

The Atlassian Bitbucket command injection flaw (CVE-2022-36804) is a remote, unauthenticated, command injection vulnerability affecting multiple application programming interface (API) endpoints in Bitbucket Server and Data Center. An attacker could send a specially crafted request to the server to execute arbitrary code, potentially gaining control of the server to steal sensitive information or install malware. With the increased use of APIs within applications it’s imperative for organizations to understand potential attack vectors and how to protect themselves. In this course, learn how to exploit and mitigate this critical vulnerability!

## Who Should Take This Course?

This course is for seasoned red teamers, penetration testers, security and vulnerability assessment analysts, and system administrators who want to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems. Basic knowledge of Python as a programming language as well as functional knowledge of web applications.

## What makes this course unique?

By the end of this course, you should be able to:

Define the vulnerability, describe its root cause, and communicate its significance to key organizational stakeholders.

Exploit this vulnerability using publicly available exploit code.

Execute various mitigation tactics to reduce risk.

Your instructor, Clint Kehr, is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice, where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award.

This course is part of a Career Path:

No items found.

Instructed by

Senior Instructor

Clint Kehr

Clint is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award. Clint has trained over 1,000 law enforcement officers, prosecutors, and civilians on the dark web and dark market websites. Clint has a master’s degree in intelligence studies from American Military University where he graduated with honors and also has a master’s degree in Information Technology from Carnegie Mellon University where he graduated with highest distinction. As a former Navy Reserve Officer, Clint served in many roles, such as a division officer and department head for commands in the information warfare community.

Provider

Certification Body

Certificate of Completion

Complete this entire course to earn a CVE Series: Atlassian Bitbucket Command Injection (CVE-2022-36804) Certificate of Completion

Page URL

Copy