Uploaded image for project: 'Bitbucket Cloud'
  1. Bitbucket Cloud
  2. BCLOUD-2672

Raw_author can be used by other an user for putting events on other user's timeline (BB-319)

    XMLWordPrintable

Details

    Description

      I'm from masterbranch.com
      I'm now working on BitBucket's support and I found what can be an issue with users and raw_authors while I was dealing with the verification of authors.

      For instance If I set up my ~/.hgrc as
      {{{
      [ui]
      username = Jesper Noehr <With his mail at the commit changesets>
      verbose = True
      }}}

      I can push changes to a repository which I'm the owner after login with my account e.g masterbranch

      And when the commit is pushed, everything is OK, but instead of putting my BB user id as the author, is the raw_author (that i set up in my system) user id, and is also putted in their activity timeline, in this case if I use this .hgrc will be jesper.

      Is not a critical issue, but can be "exploited" for spamming/ annoying purposes I think.

      Cheers

      Attachments

        Activity

          People

            Unassigned Unassigned
            legacy-bitbucket-user Legacy Bitbucket Cloud User (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: