Vulnerability Description
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Atlassian | Bitbucket | >= 5.3.0, < 5.3.7 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103040Third Party AdvisoryVDB Entry
- https://jira.atlassian.com/browse/BSERV-10594Vendor Advisory
- http://www.securityfocus.com/bid/103040Third Party AdvisoryVDB Entry
- https://jira.atlassian.com/browse/BSERV-10594Vendor Advisory
FAQ
What is CVE-2017-18088?
CVE-2017-18088 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 bef...
How severe is CVE-2017-18088?
CVE-2017-18088 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-18088?
Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Bitbucket.