Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-10439

Race condition in auto-unapprove plugin - CVE-2017-16857

    XMLWordPrintable

Details

    Description

      It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end.
      This allows an attacker to merge any code into unsuspecting repositories.

      All versions before version 3.0.1 of the auto-unapprove plugin are affected, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket

      Attachments

        Activity

          People

            khughes@atlassian.com Kristy
            khughes@atlassian.com Kristy
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: