Details
-
Bug
-
Resolution: Duplicate
-
High
Description
Hi,
I raised this with Atlassian support previously (PSCLOUD-4539) but they told me to raise it here.
The client I'm working with is using Atlassian Identity Manager/Access to enable SSO logins for Bitbucket Cloud. This is hooked up to their Azure AD.
We've come across a case where you can press "Logout" in Bitbucket, somebody else come along and enter a different username and be logged-in automatically as the first user. This seems like a security issue.
Please see the hastily redacted workflow here.
We have a case where multiple developers might want to work on a shared VM and this could cause issues.
Thanks,