CVE-2020-14170

2020-07-0900:00:00

atlassian

www.cve.org

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.5%

JSON

Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability.

CNA Affected

[
  {
    "product": "Bitbucket Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "5.4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.3.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

jira.atlassian.com/browse/BSERV-12433