{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-02-15T00:00:00", "descriptions": [{"lang": "en", "value": "Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-16T10:57:01", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"name": "103040", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103040"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://jira.atlassian.com/browse/BSERV-10594"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "ID": "CVE-2017-18088", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "103040", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103040"}, {"name": "https://jira.atlassian.com/browse/BSERV-10594", "refsource": "CONFIRM", "url": "https://jira.atlassian.com/browse/BSERV-10594"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:13:47.461Z"}, "title": "CVE Program Container", "references": [{"name": "103040", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103040"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://jira.atlassian.com/browse/BSERV-10594"}]}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2017-18088", "datePublished": "2018-02-15T13:00:00", "dateReserved": "2018-02-01T00:00:00", "dateUpdated": "2024-08-05T21:13:47.461Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "59FACEA5-6BFF-4F86-AAD0-A010E635781F", "versionEndExcluding": "5.3.7", "versionStartIncluding": "5.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "846BD10D-C2A1-402D-BACA-EC410D291253", "versionEndExcluding": "5.4.6", "versionStartIncluding": "5.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "563880B8-8258-408B-AEFD-550977F2DD57", "versionEndExcluding": "5.5.6", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CF75C29-BCCA-4994-BE58-BCD08950D0B2", "versionEndExcluding": "5.6.3", "versionStartIncluding": "5.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0A49A1F-0B79-4BB3-B53A-D4905F5E6AC5", "versionEndExcluding": "5.7.1", "versionStartIncluding": "5.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection."}, {"lang": "es", "value": "Varios recursos del servlet del plugin en Atlassian Bitbucket Server, en versiones anteriores a la 5.3.7 (la versi\u00f3n solucionada para 5.3.x), desde la versi\u00f3n 5.4.0 anterior a la 5.4.6 (la versi\u00f3n solucionada para 5.4.x), desde la versi\u00f3n 5.5.0 anterior a la 5.5.6 (la versi\u00f3n solucionada para 5.5.x), desde la versi\u00f3n 5.6.0 anterior a la 5.6.3 (la versi\u00f3n solucionada para 5.6.x), desde la versi\u00f3n 5.7.0 anterior a la 5.7.1 (la versi\u00f3n solucionada para 5.7.x) y en versiones anteriores a la 5.8.0, permiten que los atacantes remotos lleven a cabo ataques de secuestro de clics integrando varios recursos que carec\u00edan de protecci\u00f3n contra secuestro de clics."}], "id": "CVE-2017-18088", "lastModified": "2024-11-21T03:19:20.117", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-15T13:29:00.297", "references": [{"source": "security@atlassian.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103040"}, {"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/BSERV-10594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://jira.atlassian.com/browse/BSERV-10594"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}