First published: Thu Jul 09 2020
Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability.
Credit: security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Bitbucket | >=5.4.0, <7.3.1 | |
The vulnerability ID for this Bitbucket Server vulnerability is CVE-2020-14170.
CVE-2020-14170 has a severity level of medium.
The affected software for CVE-2020-14170 is Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1.
CVE-2020-14170 allows remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability.
A fix is available for CVE-2020-14170. The recommended remediation is to upgrade Atlassian Bitbucket Server to version 7.3.1 or later.