Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Duplicate
Priority: High
Component/s: Account - Sign Up
Labels:
- migrated

Bug Fix Policy:
View Atlassian Cloud bug fix policy

Description

Hi,

I raised this with Atlassian support previously (PSCLOUD-4539) but they told me to raise it here.

The client I'm working with is using Atlassian Identity Manager/Access to enable SSO logins for Bitbucket Cloud. This is hooked up to their Azure AD.

We've come across a case where you can press "Logout" in Bitbucket, somebody else come along and enter a different username and be logged-in automatically as the first user. This seems like a security issue.

Please see the hastily redacted workflow here.

We have a case where multiple developers might want to work on a shared VM and this could cause issues.

Thanks,

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

4256160305-atlassian-access-security-bug.png
959 kB
08/Sep/2019 11:38 PM

Activity

People

Assignee:: Unassigned

Reporter:: David Harper

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 15/Jun/2018 8:01 AM

Updated:: 08/Sep/2019 11:38 PM

Resolved:: 22/Jun/2018 1:21 PM