CVE-2020-15879

Published July 21st, 2020

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16).

bitwarden/server

Bitwarden infrastructure/backend (API, database, Docker, etc).

GitHub

19.1K