PT-2018-6628 · Atlassian · Bitbucket Server+1

Published

2018-02-02

Updated

2019-10-09

CVE-2017-18036

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Atlassian Bitbucket Server versions prior to 5.3.0

Description: The issue allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability. This is related to the Github repository importer in Atlassian Bitbucket Server.

Recommendations: For versions prior to 5.3.0, update to version 5.3.0 or later to resolve the issue.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2017-18036

Affected Products

Bitbucket Server

Bitbucket

PT-2018-6628 · Atlassian · Bitbucket Server+1

CVE-2017-18036

Weakness Enumeration

Related Identifiers

Affected Products

References · 5