CVE-2020-14170: SSRF
First published: Thu Jul 09 2020(Updated: )
Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Bitbucket | >=5.4.0<7.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Bitbucket Server vulnerability?
The vulnerability ID for this Bitbucket Server vulnerability is CVE-2020-14170.
What is the severity level of CVE-2020-14170?
CVE-2020-14170 has a severity level of medium.
What is the affected software for CVE-2020-14170?
The affected software for CVE-2020-14170 is Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1.
How does CVE-2020-14170 impact the system?
CVE-2020-14170 allows remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability.
Is there a fix available for CVE-2020-14170?
Yes, a fix is available for CVE-2020-14170. It is recommended to upgrade Atlassian Bitbucket Server to version 7.3.1 or later.
- collector/nvd-index
- vendor/atlassian
- canonical/atlassian bitbucket
- version/atlassian bitbucket/5.4.0