  1. Bitbucket Cloud
  2. BCLOUD-15988

Non Admin user to a repository can modify the build process and build status

Details

    Description

      Today some of my non-admin developers clicked on an already removed integration and re-enabled the integration again.

      The integration was with Codacy (codacy.com)

      1. At a point in time, Codacy updated the status of a build of a PR.
      2. An Admin user removed the Codacy integration.
      3. A non-Admin user can click on the status and jump to Codacy to see the results.
      4. Codacy requests OAuth integration to add the project back into Codacy. (see attachment)
      5. This then causes analysis of projects that had been removed by an Admin user of Bitbucket and updates the build status again.
          • Non-Admin users should not be able to add integrations
          • When an integration is removed, build status should be removed as well
          • 3rd-party integrations should not request excessive permissions

          People

            Unassigned
            Yaniv Yalda
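An audit a repository admin could run for the situation reported above, as an added example that is not part of the original report or Bitbucket's own code: it flags build statuses left behind by a removed integration and statuses updated after the removal. The records, timestamps, hostnames and the admin-kept removal log are constructed, and the field names (`key`, `state`, `url`, `updated_on`) are assumptions modelled on Bitbucket commit build-status objects.

```python
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample records (not real data). Field names are assumptions
# modelled on Bitbucket commit build-status objects.
SAMPLE_STATUSES = [
    {"commit": "a1b2c3d", "key": "codacy", "state": "SUCCESSFUL",
     "url": "https://app.codacy.com/example/pr/12",
     "updated_on": "2018-03-01T09:15:00+00:00"},
    {"commit": "e4f5a6b", "key": "codacy", "state": "FAILED",
     "url": "https://app.codacy.com/example/pr/14",
     "updated_on": "2018-03-05T16:40:00+00:00"},
    {"commit": "e4f5a6b", "key": "ci-build", "state": "SUCCESSFUL",
     "url": "https://ci.example.internal/job/77",
     "updated_on": "2018-03-05T16:42:00+00:00"},
]

# Hypothetical admin-kept log: integration domain -> time an admin removed it.
REMOVED = {"codacy.com": "2018-03-02T12:00:00+00:00"}


def _matches(host, domain):
    # Exact domain or a true subdomain; "notcodacy.com" must not match.
    return host == domain or host.endswith("." + domain)


def audit_statuses(statuses, removed):
    """Return (kind, commit, key, domain) for statuses tied to removed integrations.

    ORPHANED:    status predates the removal but is still attached to the commit.
    REACTIVATED: status was updated after the removal, so the integration
                 regained write access without the admin re-adding it.
    """
    findings = []
    for s in statuses:
        host = (urlparse(s["url"]).hostname or "").lower()
        for domain, removed_at in removed.items():
            if not _matches(host, domain):
                continue
            updated = datetime.fromisoformat(s["updated_on"])
            cutoff = datetime.fromisoformat(removed_at)
            kind = "REACTIVATED" if updated > cutoff else "ORPHANED"
            findings.append((kind, s["commit"], s["key"], domain))
    return findings


if __name__ == "__main__":
    for finding in audit_statuses(SAMPLE_STATUSES, REMOVED):
        print(*finding)
```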