Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-18088

Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.

Published

2018-02-15T13:29:00.297

Last Modified

2024-11-21T03:19:20.117

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	atlassian	bitbucket	< 5.3.7	Yes
Application	atlassian	bitbucket	< 5.4.6	Yes
Application	atlassian	bitbucket	< 5.5.6	Yes
Application	atlassian	bitbucket	< 5.6.3	Yes
Application	atlassian	bitbucket	< 5.7.1	Yes

References

http://www.securityfocus.com/bid/103040 Third Party Advisory, VDB Entry ([email protected])
https://jira.atlassian.com/browse/BSERV-10594 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/103040 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://jira.atlassian.com/browse/BSERV-10594 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)