  1. Bitbucket Cloud
  2. BCLOUD-13870

Improper checking during PR reviews allows participants to +2 themselves.

Details

    Description

      I am not sure if this has been reported before (and possibly patched already), or if this is the proper channel to report it.

      I realized that one can self-approve a PR (at least in v 4.10.1).

      Reproduction steps.

      1. Person A creates a branch, opens a new PR and adds Person B as a reviewer.
      2. Person B does another commit on that PR and pushes.
      3. The PR now has commits from Person A and Person B.
      4. Person B shouldn't be able to review it anymore. Yet, he is and he can self-approve and merge.

      This bug has some security implications also.

          People

            Unassigned Unassigned
            9dacb6d2c1c8 frite
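The merge check whose absence the reproduction steps in the report describe, as an added example (not part of the original report and not Bitbucket's code): an approval counts only when the approver has no commits in the PR. The `Commit` and `PullRequest` types, the account names and the choice to treat committers as contributors are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Commit:
    sha: str
    author: str      # account that wrote the change
    committer: str   # account that created the commit object


@dataclass
class PullRequest:
    opened_by: str
    commits: list
    approvals: set = field(default_factory=set)


def _norm(account: str) -> str:
    # Compare accounts case-insensitively and ignore stray whitespace.
    return account.strip().lower()


def contributors(pr: PullRequest) -> set:
    """Everyone with code in the PR: the opener plus all commit authors/committers."""
    people = {_norm(pr.opened_by)}
    for c in pr.commits:
        people.update((_norm(c.author), _norm(c.committer)))
    return people


def independent_approvals(pr: PullRequest) -> set:
    """Approvals from accounts that have no commits in the PR."""
    return {_norm(a) for a in pr.approvals} - contributors(pr)


def can_merge(pr: PullRequest, required: int = 1) -> bool:
    return len(independent_approvals(pr)) >= required


# Constructed sample mirroring the four reproduction steps.
pr = PullRequest(opened_by="person.a",
                 commits=[Commit("c1", "person.a", "person.a")])
pr.commits.append(Commit("c2", "Person.B", "person.b"))   # step 2: reviewer pushes
pr.approvals.add("person.b")                               # step 4: self-approval

if __name__ == "__main__":
    print("merge allowed:", can_merge(pr))                 # False
    pr.approvals.add("person.c")                           # uninvolved reviewer
    print("merge allowed:", can_merge(pr))                 # True
```

The contributor set is recomputed from the current commit list on every evaluation, so an approval stops counting as soon as its author pushes to the branch.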