Medium severity4.3NVD Advisory· Published Feb 15, 2018· Updated Jun 17, 2026
CVE-2017-18088
CVE-2017-18088
Description
Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5.6.0 before 5.6.3 (the fixed version for 5.6.x), from version 5.7.0 before 5.7.1 (the fixed version for 5.7.x) and before 5.8.0 allow remote attackers to conduct clickjacking attacks via framing various resources that lacked clickjacking protection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<5.3.7||>=5.4.0,<5.4.6||>=5.5.0,<5.5.6||>=5.6.0,<5.6.3||>=5.7.0,<5.7.1||<5.8.0+ 1 more
- (no CPE)range: <5.3.7||>=5.4.0,<5.4.6||>=5.5.0,<5.5.6||>=5.6.0,<5.6.3||>=5.7.0,<5.7.1||<5.8.0
- (no CPE)range: <5.3.7, <5.4.6, <5.5.6, <5.6.3, <5.7.1, <5.8.0
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/103040nvdThird Party AdvisoryVDB Entry
- jira.atlassian.com/browse/BSERV-10594nvdVendor Advisory
News mentions
0No linked articles in our index yet.