Affected versions of Atlassian Bitbucket Server allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in Webhooks.
When running in an environment like Amazon EC2, this flaw may be used to access a metadata resource that provides access credentials and other potentially confidential information.
Affected versions:
Fixed versions:
CPE

Name | Operator | Version
---|---|---
bitbucket server | lt | 7.3.1
bitbucket server | le | 5.4.0