Details
-
Bug
-
Status: Closed (View Workflow)
-
Low
-
Resolution: Fixed
-
5.4.0
-
Severity 2 - Major
-
Description
Affected versions of Atlassian Bitbucket Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Webhooks.
When running in an environment like Amazon EC2, this flaw may be used to access to a metadata resource that provides access credentials and other potentially confidential information.
Affected versions:
- 5.4.0 <= version < 7.3.1
Fixed versions:
- 7.3.1