High severity 8.5 · NVD Advisory · Published Dec 5, 2017 · Updated Jun 17, 2026

CVE-2017-16857

Description

It is possible to bypass the Bitbucket auto-unapprove plugin via minimal brute-force because it relies on asynchronous events on the back end. This allows an attacker to merge any code into unsuspecting repositories. This affects all versions of the auto-unapprove plugin; however, since the plugin is not bundled with Bitbucket Server, it does not affect any particular version of Bitbucket.

Affected products

14
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:1.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:atlassian:bitbucket_auto_unapprove_plugin:3.0.0:*:*:*:*:*:*:*
  • (no CPE) range: All versions prior to version 3.0.1

References

1
