// For flags

CVE-2017-16857

 

Severity Score

8.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.

Es posible omitir el plugin bitbucket auto-unapprove mediante fuerza bruta mínima, ya que depende de eventos asíncronos en el back end. Esto permite que un atacante combine cualquier código en repositorios no planeados. Esto afecta a todas las versiones del plugin auto-unapprove; sin embargo, debido a que el plugin auto-unapprove no está agrupado con Bitbucket Server, no afecta a ninguna versión en particular de Bitbucket.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-11-16 CVE Reserved
  • 2017-12-05 CVE Published
  • 2024-09-17 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://jira.atlassian.com/browse/BSERV-10439 2019-10-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 1.0.0
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "1.0.0"
-
Affected
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 1.0.0
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "1.0.0"
beta1
Affected
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 1.1.0
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "1.1.0"
-
Affected
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 1.2.0
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "1.2.0"
-
Affected
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 2.0.1
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "2.0.1"
-
Affected
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 2.0.2
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "2.0.2"
-
Affected
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 2.0.4
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "2.0.4"
-
Affected
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 2.1.1
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "2.1.1"
-
Affected
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 2.1.3
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "2.1.3"
-
Affected
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 2.2.0
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "2.2.0"
-
Affected
Atlassian
Search vendor "Atlassian"
 Bitbucket Auto Unapprove Plugin
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin"
 3.0.0
Search vendor "Atlassian" for product "Bitbucket Auto Unapprove Plugin" and version "3.0.0"
-
Affected