05 Déc 2017
CVE-2017-16857 - CVE Vulnerability
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket. (CVSS:0.0) (Last Update:2017-12-05)
Vulnerability Details : It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket. Publish Date : 2017-12-05 Last Update Date : 2017-12-05 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-16857
- References For CVE-2017-16857
| ||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-16857There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |