CVE-2020-15879

Name of the Vulnerable Software and Affected Versions Bitwarden Server version 1.35.1

Description The issue allows for Server-Side Request Forgery (SSRF) due to the server not properly considering certain IPv6 and IPv4 addresses. Specifically, it does not account for IPv6 addresses starting with fc, fd, fe, or ff, and the :: address, as well as certain IPv4 addresses including 0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16.

Recommendations For Bitwarden Server version 1.35.1, consider updating to a version that properly handles these IPv6 and IPv4 addresses to prevent SSRF. As a temporary workaround, restrict access to sensitive resources that could be exploited through SSRF.