PT-2018-6667 · Atlassian · Bitbucket Server+1
Publicado
2018-02-15
·
Atualizado
2018-03-15
·
CVE-2017-18088
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Atlassian Bitbucket Server versions prior to 5.3.7
Atlassian Bitbucket Server versions 5.4.0 through 5.4.5
Atlassian Bitbucket Server versions 5.5.0 through 5.5.5
Atlassian Bitbucket Server versions 5.6.0 through 5.6.2
Atlassian Bitbucket Server versions 5.7.0
Description:
The issue allows remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection in plugin servlet resources.
Recommendations:
For versions prior to 5.3.7, update to version 5.3.7 or later.
For versions 5.4.0 through 5.4.5, update to version 5.4.6 or later.
For versions 5.5.0 through 5.5.5, update to version 5.5.6 or later.
For versions 5.6.0 through 5.6.2, update to version 5.6.3 or later.
For version 5.7.0, update to version 5.7.1 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bitbucket Server
Bitbucket