
Race condition in auto-unapprove plugin - CVE-2017-16857

      It is possible to bypass the Bitbucket auto-unapprove plugin via minimal brute-force because it relies on asynchronous events on the back-end.
      This allows an attacker to merge any code into unsuspecting repositories.

      All versions before version 3.0.1 of the auto-unapprove plugin are affected; however, since the auto-unapprove plugin is not bundled with Bitbucket Server, it does not affect any particular version of Bitbucket.

            [BSERV-10439] Race condition in auto-unapprove plugin - CVE-2017-16857

            Owen made changes -
            Workflow Original: Stash Workflow - Restricted [ 2486770 ] New: JAC Bug Workflow v3 [ 3137287 ]
            Owen made changes -
            Symptom Severity Original: Major [ 14431 ] New: Severity 2 - Major [ 15831 ]
            David Black made changes -
            Labels Original: CVE-2017-16857 race-condition security New: CVE-2017-16857 advisory advisory-released race-condition security
            David Black made changes -
            Labels Original: CVE-2017-16857 security New: CVE-2017-16857 race-condition security
            David Black made changes -
            Remote Link Original: This issue links to "Page (Extranet)" [ 338081 ]
            David Black made changes -
            Summary Original: Race condition in auto-unapprove plugin New: Race condition in auto-unapprove plugin - CVE-2017-16857
            David Black made changes -
            Description Original: It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end.
             This allows an attacker to merge any code into unsuspecting repositories.

            This affects all versions before version 3.0.1 of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket
            New: It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end.
             This allows an attacker to merge any code into unsuspecting repositories.

            All versions before version 3.0.1 of the auto-unapprove plugin are affected, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket
            David Black made changes -
            Description Original: It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end.
            This allows an attacker to merge any code into unsuspecting repositories.

            This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket
            New: It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end.
             This allows an attacker to merge any code into unsuspecting repositories.

            This affects all versions before version 3.0.1 of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket

            CVSS v3 score: 8.5 => High severity

            Exploitability Metrics
            Attack Vector: Network
            Attack Complexity: High
            Privileges Required: Low
            User Interaction: None

            Scope Metric
            Scope: Changed

            Impact Metrics
            Confidentiality: High
            Integrity: High
            Availability: High

            Matt Hart (Inactive) added a comment -
            Matt Hart (Inactive) made changes -
            Labels New: CVE-2017-16857 security
