Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-18088

Опубликовано: 15 фев. 2018
Источник: nvd
CVSS3: 4.3
CVSS2: 4.3
EPSS Низкий

Описание

Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
Версия от 5.3.0 (включая) до 5.3.7 (исключая)
cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
Версия от 5.4.0 (включая) до 5.4.6 (исключая)
cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
Версия от 5.5.0 (включая) до 5.5.6 (исключая)
cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
Версия от 5.6.0 (включая) до 5.6.3 (исключая)
cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*
Версия от 5.7.0 (включая) до 5.7.1 (исключая)

EPSS

Процентиль: 42%
0.00205
Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

github логотип

GHSA-g674-wrw3-m4q6

CVSS3: 4.3
github
больше 3 лет назад

Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.

EPSS

Процентиль: 42%
0.00205
Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20