Server Side Request Forgery Vulnerability in Atlassian Bitbucket Server
CVE-2017-18036
4.3 MEDIUM
What is CVE-2017-18036?
The GitHub repository importer in Atlassian Bitbucket Server prior to version 5.3.0 contains a server-side request forgery (SSRF) vulnerability. This flaw allows remote attackers to determine whether an external service that they cannot otherwise reach has open ports. By exploiting this vulnerability, attackers can gather information about the network and potentially use it for further exploitation.
Affected Version(s)
Bitbucket Server prior to 5.3.0