VYPR
Medium severity4.3NVD Advisory· Published Feb 15, 2018· Updated Jun 17, 2026

CVE-2017-18088

CVE-2017-18088

Description

Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Atlassian/Bitbucket Serverinferred2 versions
    <5.3.7||>=5.4.0,<5.4.6||>=5.5.0,<5.5.6||>=5.6.0,<5.6.3||>=5.7.0,<5.7.1||<5.8.0+ 1 more
    • (no CPE)range: <5.3.7||>=5.4.0,<5.4.6||>=5.5.0,<5.5.6||>=5.6.0,<5.6.3||>=5.7.0,<5.7.1||<5.8.0
    • (no CPE)range: <5.3.7, <5.4.6, <5.5.6, <5.6.3, <5.7.1, <5.8.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.