CVE-2017-18088

Severity
4.3 MEDIUM
EPSS
0.2%
top 57.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Feb 15
Latest update: May 14

Description

Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protect

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (1 package)

NVD | atlassian/bitbucket | 5.3.0 | 5.3.7 | +4

Vulnerability Details

3
GHSA
GHSA-g674-wrw3-m4q6: Various plugin servlet resources in Atlassian Bitbucket Server before version 5 (2022-05-14)
OSV
openjpeg2 vulnerabilities (2019-08-21)
CVEList
CVE-2017-18088: Various plugin servlet resources in Atlassian Bitbucket Server before version 5 (2018-02-15)
CVE-2017-18088 (MEDIUM CVSS 4.3) | Various plugin servlet resources in | cvebase.io