Server Side Request Forgery (SSRF) vulnerability in Atlassian Bitbucket Server allows remote attackers to determine open ports in unreachable services via the GitHub repository importer

CVE-2017-18036 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

The GitHub repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Request Forgery (SSRF) vulnerability.