CVE-2017-16857
CVE-2017-16857
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
05 dic 2017Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.
Productos afectados
Atlassian · Auto-Unapprove Plugin (for Bitbucket Server)¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →