Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: High
Fix Version/s: None
Affects Version/s: 5.4.0, 8.14.0
Component/s: Webhooks
Labels:

Support reference count:
2
Symptom Severity:
Severity 2 - Major
UIS:
2
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Affected versions of Atlassian Bitbucket Data Center allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Webhooks.

When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information.

Attachments

Issue Links

mentioned in: Page Loading...

Activity

People

Assignee:: Dyon Georgopoulos

Reporter:: Security Metrics Bot

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Due:: 22/Sep/2020

Created:: 23/Jun/2020 4:27 PM

Updated:: 26/Jan/2024 2:44 AM