Security Advisory

CVE-2017-16857

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-12-05 16:00:00

Last updated 2024-09-17 02:01:17

Assigner atlassian

State PUBLISHED

Description

It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.

← Browse all CVEs View on cve.org ↗