SSRF in Atlassian Bitbucket Server
CVE-2017-18036
The GitHub repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server-Side Request Forgery (SSRF) vulnerability.
Vulnerability class: SSRF (Server-Side Request Forgery)
EPSS: 0.002 (percentile: 35.3)
Affected products
- Atlassian Bitbucket Server — versions prior to 5.3.0
Weakness classification (CWE)
References
- jira.atlassian.com/browse/BSERV-10591 (x_refsource_CONFIRM)
- 102932 (vdb-entry, x_refsource_BID)