High severity8.5NVD Advisory· Published Dec 5, 2017· Updated Jun 17, 2026
CVE-2017-16857
CVE-2017-16857
Description
It is possible to bypass the bitbucket auto-unapprove plugin via minimal brute-force because it is relying on asynchronous events on the back-end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin, however since the auto-unapprove plugin is not bundled with Bitbucket Server it does not affect any particular version of Bitbucket.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:1.0.0:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:1.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:3.0.0:*:*:*:*:*:*:*
- (no CPE)range: All versions prior to version 3.0.1
Patches
Vulnerability mechanics
References
1- jira.atlassian.com/browse/BSERV-10439nvdIssue TrackingVendor Advisory
News mentions
0No linked articles in our index yet.