Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-10439

Race condition in auto-unapprove plugin - CVE-2017-16857

    XMLWordPrintable

    Details

      Description

      It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end.
      This allows an attacker to merge any code into unsuspecting repositories.

      All versions before version 3.0.1 of the auto-unapprove plugin are affected, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: