Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16).
References
Link | Resource |
---|---|
https://github.com/bitwarden/server/pull/827 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-21T16:59:13
Updated: 2020-07-21T16:59:13
Reserved: 2020-07-21T00:00:00
Link: CVE-2020-15879
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-21T17:15:12.263
Modified: 2020-07-24T15:23:00.163
Link: CVE-2020-15879
JSON object: View
Redhat Information
No data.
CWE