Security: Bitbucket SSO - Wrong user logged-in

Issue #16496 duplicate
David Harper created an issue

Hi,

I raised this with Atlassian support previously (PSCLOUD-4539) but they told me to raise it here.

The client I'm working with is using Atlassian Identity Manager/Access to enable SSO logins for Bitbucket Cloud. This is hooked up to their Azure AD.

We've come across a case where you can press "Logout" in Bitbucket, and somebody else can come along, enter a different username, and be logged in automatically as the first user. This seems like a security issue.

Please see the hastily redacted workflow here.
atlassian-access-security-bug.png

We have a case where multiple developers might want to work on a shared VM and this could cause issues.

Thanks,

Comments (3)

  1. David Harper reporter

    Also, having screenshot 2 pass the email address over to screenshot 3 would be amazing (if possible)
