CVE-2017-18036

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 64.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian BitbucketAtlassian Bitbucket Server
Timeline
PublishedFeb 2
Latest updateMay 13

Description

The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5atlassian/bitbucket_serverprior to 5.3.0
NVDatlassian/bitbucket< 5.3.0

🔴Vulnerability Details

2
GHSA
GHSA-mj3p-gh52-6479: The Github repository importer in Atlassian Bitbucket Server before version 52022-05-13
CVEList
CVE-2017-18036: The Github repository importer in Atlassian Bitbucket Server before version 52018-02-02