  1. Bitbucket Cloud
  2. BCLOUD-2133

Minor security issue

Details

    Description

      When not logged in, if I try to access the URL of one of my private repos, I get a message stating that I do not have access to that repo. By stating that I do not have access to that repo, information about the private repo (its name and confirmation of its existence) is being implicitly divulged. It seems it would be more secure to simply throw a 404 when trying to access a private repo without permission to do so.

      I'm not trying to be a condescending dick, I love your service, but it seems reasonable to deny access to any piece of information associated with a private repository. Thanks for reading and I look forward to enjoying your fine service for a long time to come!

      Derek
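
The behaviour requested in the report above, sketched as an added example (not part of the original report and not Bitbucket's code). The repository names, `REPOS` table and function names are hypothetical; the example contrasts a view that answers "no access" for a private repo with one that returns the same 404 for missing and forbidden repos.

```python
from typing import NamedTuple, Optional, Tuple

class Repo(NamedTuple):
    private: bool
    readers: frozenset = frozenset()

# Constructed sample data (hypothetical repository slugs and user names).
REPOS = {
    "derek/secret-project": Repo(private=True, readers=frozenset({"derek"})),
    "derek/dotfiles": Repo(private=False),
}

Response = Tuple[int, str]
# One shared response object: status AND body must match, otherwise the
# body text alone still reveals whether the repo exists.
NOT_FOUND: Response = (404, "Not Found")

def can_read(repo: Repo, user: Optional[str]) -> bool:
    """Public repos are readable by anyone; private ones only by listed readers."""
    return not repo.private or (user is not None and user in repo.readers)

def leaky_view(slug: str, user: Optional[str] = None) -> Response:
    """Behaviour described in the report: the 'no access' answer confirms
    that a private repo with this name exists."""
    repo = REPOS.get(slug)
    if repo is None:
        return NOT_FOUND
    if not can_read(repo, user):
        return (403, f"You do not have access to {slug}")
    return (200, f"repository {slug}")

def uniform_view(slug: str, user: Optional[str] = None) -> Response:
    """Requested behaviour: 'does not exist' and 'not permitted' are
    collapsed into a single, identical response."""
    repo = REPOS.get(slug)
    if repo is None or not can_read(repo, user):
        return NOT_FOUND
    return (200, f"repository {slug}")

def distinguishable(view, slug_a: str, slug_b: str,
                    user: Optional[str] = None) -> bool:
    """Regression check: can a caller tell the two slugs apart from the response?"""
    return view(slug_a, user) != view(slug_b, user)

if __name__ == "__main__":
    for view in (leaky_view, uniform_view):
        leak = distinguishable(view, "derek/secret-project", "derek/no-such-repo")
        print(f"{view.__name__}: existence leak = {leak}")
```

A check like `distinguishable` can be kept as a regression test so that later changes to error pages or login redirects do not reintroduce the difference.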

          People

            18103154f924 jespern
            legacy-bitbucket-user Legacy Bitbucket Cloud User (Inactive)