Bitbucket Data Center / BSERV-19086

CVE-2023-48795 vulnerability on SSH


Strict key exchange support

The server now supports strict key exchange in 8.9.10+ (LTS), 8.13.6+, 8.14.5+, 8.15.4+, 8.16.3+, 8.17.1+ and 8.18.0+.
If old SSH clients that don't support strict key exchange are still in use, the impacted ciphers and MACs can be disabled by adding them to the following properties in $BITBUCKET_HOME/shared/bitbucket.properties:

plugin.ssh.disabled.ciphers=arcfour128, arcfour256, aes128-cbc, aes192-cbc, aes256-cbc, 3des-cbc, blowfish-cbc, chacha20-poly1305@openssh.com
plugin.ssh.disabled.macs=hmac-md5, hmac-sha1-96, hmac-md5-96, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha1-etm@openssh.com

Bitbucket Data Center version 8.9.8 is detected as being vulnerable to the Terrapin SSH vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2023-48795

The recommended fix is to configure the SSH server to disable the ChaCha20-Poly1305 cipher and, if using default MACs, avoid enabling any CBC ciphers.
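As an added example (not part of this issue or of Bitbucket's own code), the following Python parses a server's SSH_MSG_KEXINIT payload and reports whether the Terrapin conditions from the description and the resolution note hold: a ChaCha20-Poly1305 or CBC-with-ETM mode is offered and the server does not advertise strict key exchange. It lets you check, from the algorithm lists a Bitbucket SSH server actually advertises, that either the strict KEX marker is present or the ciphers and MACs listed above have really been disabled. The packet-building helper and the sample algorithm lists are constructed for offline use.

```python
"""Assess a server SSH_MSG_KEXINIT payload for Terrapin (CVE-2023-48795) exposure.
Added example; the KEXINIT builder exists only to construct offline test input."""
import struct

SSH_MSG_KEXINIT = 20
STRICT_KEX = "kex-strict-s-v00@openssh.com"   # server-side strict KEX pseudo-algorithm
CHACHA = "chacha20-poly1305@openssh.com"
FIELDS = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def name_list(names):
    """Encode an RFC 4251 name-list: uint32 length + comma-separated ASCII."""
    raw = ",".join(names).encode("ascii")
    return struct.pack(">I", len(raw)) + raw

def build_kexinit(kex, enc, mac, hostkey=("ssh-ed25519",)):
    """Construct a KEXINIT payload (constructed sample; cookie is fixed, not random)."""
    cookie = b"\x00" * 16
    lists = (kex, hostkey, enc, enc, mac, mac, ("none",), ("none",), (), ())
    tail = b"\x00" + b"\x00" * 4  # first_kex_packet_follows + reserved uint32
    return bytes([SSH_MSG_KEXINIT]) + cookie + b"".join(map(name_list, lists)) + tail

def parse_kexinit(payload):
    """Return the ten KEXINIT name-lists as a dict of lists (RFC 4253 section 7.1)."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip message id and the 16-byte cookie
    for field in FIELDS:
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        raw = payload[pos:pos + n].decode("ascii")
        pos += n
        out[field] = [a for a in raw.split(",") if a]
    return out

def terrapin_exposure(kexinit):
    """Terrapin needs a vulnerable mode offered AND no strict KEX on the server side."""
    ciphers = set(kexinit["enc_c2s"]) | set(kexinit["enc_s2c"])
    macs = set(kexinit["mac_c2s"]) | set(kexinit["mac_s2c"])
    chacha = CHACHA in ciphers
    cbc_etm = (any(c.endswith("-cbc") for c in ciphers)
               and any(m.endswith("-etm@openssh.com") for m in macs))
    strict = STRICT_KEX in kexinit["kex"]
    return {"strict_kex": strict, "chacha20": chacha, "cbc_etm": cbc_etm,
            "vulnerable": (chacha or cbc_etm) and not strict}
```

A server that offers aes256-cbc only with non-ETM MACs is reported as not exposed, which matches the note about default MACs above; a server that advertises the strict KEX marker is reported as not exposed even if ChaCha20 is still enabled.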

Assignee: Unassigned
Reporter: Caitlin Laughrey
