Details
-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Low
-
Resolution: Fixed
-
Affects Version/s: 5.4.0
-
Fix Version/s: 7.3.1
-
Component/s: Webhooks
-
Symptom Severity:Severity 2 - Major
-
Bug Fix Policy:
Description
Affected versions of Atlassian Bitbucket Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Webhooks.
When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information.
Affected versions:
- 5.4.0 <= version < 7.3.1
Fixed versions:
- 7.3.1