CVE-2017-16857

Current Description

It is possible to bypass the Bitbucket auto-unapprove plugin with minimal brute force, because the plugin relies on asynchronous events on the back end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin; however, since the auto-unapprove plugin is not bundled with Bitbucket Server, it does not affect any particular version of Bitbucket.

Basic Data

Published: December 05, 2017
Last Modified: October 03, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-362
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Integrity Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.0
Severity: MEDIUM
Exploitability Score: 6.8
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS 3 - Attack Vector: NETWORK
CVSS 3 - Attack Complexity: HIGH
CVSS 3 - Privileges Required: LOW
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: CHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 8.5
CVSS 3 - Base Severity: HIGH
Exploitability Score: 1.8
Base Severity: HIGH

Configurations

  • OR - Configuration 1
    CPE Version | Part        | Vendor    | Product                         | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 1.0.0   | *      | *       | *        | *          | *         | *         | *
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 1.0.0   | beta1  | *       | *        | *          | *         | *         | *
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 1.1.0   | *      | *       | *        | *          | *         | *         | *
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 1.2.0   | *      | *       | *        | *          | *         | *         | *
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 2.0.1   | *      | *       | *        | *          | *         | *         | *
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 2.0.2   | *      | *       | *        | *          | *         | *         | *
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 2.0.4   | *      | *       | *        | *          | *         | *         | *
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 2.1.1   | *      | *       | *        | *          | *         | *         | *
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 2.1.3   | *      | *       | *        | *          | *         | *         | *
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 2.2.0   | *      | *       | *        | *          | *         | *         | *
    2.3         | Application | Atlassian | Bitbucket Auto Unapprove Plugin | 3.0.0   | *      | *       | *        | *          | *         | *         | *
    (The Version Start Including, Version End Including, Version Start Excluding and Version End Excluding columns are empty for every row.)

Vulnerable Software List

Vendor: Atlassian
Product: Bitbucket Auto Unapprove Plugin
Versions: 1.0.0, 1.1.0, 1.2.0, 2.0.1, 2.0.2, 2.0.4, 2.1.1, 2.1.3, 2.2.0, 3.0.0

References

Name: https://jira.atlassian.com/browse/BSERV-10439
Source: CONFIRM
URL: https://jira.atlassian.com/browse/BSERV-10439
Tags: Issue Tracking, Vendor Advisory