First published: Thu Feb 15 2018
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Bitbucket | >=5.3.0 <5.3.7 | Upgrade to 5.3.7 |
| Atlassian Bitbucket | >=5.4.0 <5.4.6 | Upgrade to 5.4.6 |
| Atlassian Bitbucket | >=5.5.0 <5.5.6 | Upgrade to 5.5.6 |
| Atlassian Bitbucket | >=5.6.0 <5.6.3 | Upgrade to 5.6.3 |
| Atlassian Bitbucket | >=5.7.0 <5.7.1 | Upgrade to 5.7.1 |
The vulnerability ID for this issue is CVE-2017-18088.
The severity of CVE-2017-18088 is medium.
Atlassian Bitbucket Server versions before 5.3.7, 5.4.6, 5.5.6, and 5.6.3 are affected by CVE-2017-18088.
To fix CVE-2017-18088, you should upgrade Atlassian Bitbucket Server to version 5.3.7, 5.4.6, 5.5.6, or 5.6.3.
References for CVE-2017-18088: [SecurityFocus](http://www.securityfocus.com/bid/103040) and [Atlassian Jira](https://jira.atlassian.com/browse/BSERV-10594).
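The issue above is that certain servlet resources were served without any framing protection. The following is an added example (not Atlassian's code) of the check a defender would run after upgrading: given a response's headers, it decides whether browsers will refuse to frame the resource cross-origin, honouring both CSP `frame-ancestors` and `X-Frame-Options`. The response samples are constructed; no real Bitbucket paths are assumed.

```python
"""Audit HTTP response headers for clickjacking (framing) protection.

Added example, not Atlassian's code. It decides, from a response's
headers, whether browsers will refuse to render the resource inside a
frame on another origin; the affected Bitbucket servlet resources in
CVE-2017-18088 sent no such header before the fixed versions.
"""
from typing import Dict, List, Optional, Tuple


def _get(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    name = name.lower()
    for key, value in headers.items():
        if key.lower() == name:
            return value
    return None


def framing_protection(headers: Dict[str, str]) -> Tuple[bool, str]:
    """Return (protected, reason). A CSP frame-ancestors directive takes
    precedence over X-Frame-Options when both are present, as in browsers."""
    csp = _get(headers, "Content-Security-Policy") or ""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            sources = [t.strip("'").lower() for t in tokens[1:]]
            # Only 'none' / 'self' (or an empty list) refuse cross-origin framing.
            if all(s in ("none", "self") for s in sources):
                return True, "CSP frame-ancestors " + (" ".join(sources) or "(empty)")
            return False, "CSP frame-ancestors allows " + " ".join(sources)
    xfo = _get(headers, "X-Frame-Options")
    if xfo is None:
        return False, "no X-Frame-Options or CSP frame-ancestors header"
    value = xfo.strip().upper()
    if value in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + value
    # ALLOW-FROM and unknown values are ignored by current browsers.
    return False, "X-Frame-Options value not enforced: " + xfo.strip()


def unprotected(responses: Dict[str, Dict[str, str]]) -> List[str]:
    """Names of responses whose headers leave the page frameable."""
    return sorted(p for p, h in responses.items() if not framing_protection(h)[0])


# Constructed sample responses (not real captures or real Bitbucket paths).
SAMPLE = {
    "resource-a": {"X-Frame-Options": "SAMEORIGIN"},
    "resource-b": {"Content-Type": "text/html"},
    "resource-c": {"Content-Security-Policy": "default-src 'self'; frame-ancestors *",
                   "X-Frame-Options": "DENY"},
    "resource-d": {"x-frame-options": "ALLOW-FROM https://example.test"},
}

if __name__ == "__main__":
    for name in unprotected(SAMPLE):
        print(name, "->", framing_protection(SAMPLE[name])[1])
```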