Bitbucket Cloud / BCLOUD-4064

Private repositories tell you about their existence

Details

    Description

      You can find out what private repositories exist by brute-forcing the URLs while not being logged in.

      If a private repository exists, you are redirected to a login page, e.g.:

      https://bitbucket.org/account/signin/?next=/conro/test

      If a private repository does not exist, you get a 404, e.g.:

      https://bitbucket.org/conro/doesNorExist

      This is a problem if the public should not know about the existence of a private repository, e.g.: /apple/ios7 or /valve/hl3

          People

            mbertrand aMarcus (Inactive)
            c9eeee349378 ConradR
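
The difference the report describes, shown from the server side next to a handler that closes it. This is an added example, not Bitbucket's code: the `Repo` and `Response` types, the in-memory `REPOS` table, the 403 for logged-in non-members and both view functions are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Repo:
    private: bool
    readers: frozenset = frozenset()   # users allowed to read a private repo

@dataclass(frozen=True)
class Response:
    status: int
    location: Optional[str] = None

# Constructed sample data: (owner, slug) -> repository.
REPOS = {
    ("conro", "test"): Repo(private=True, readers=frozenset({"conro"})),
    ("conro", "public-demo"): Repo(private=False),
}

def can_read(user, repo):
    return repo is not None and (not repo.private or user in repo.readers)

def leaky_view(user, owner, slug):
    """Behaviour from the report: the answer depends on whether the repo exists."""
    repo = REPOS.get((owner, slug))
    if repo is None:
        return Response(404)
    if can_read(user, repo):
        return Response(200)
    if user is None:
        # Only reached for an existing private repo, so the redirect confirms it.
        return Response(302, f"/account/signin/?next=/{owner}/{slug}")
    return Response(403)

def uniform_view(user, owner, slug):
    """'Does not exist' and 'you may not see it' share one code path and one response."""
    repo = REPOS.get((owner, slug))
    if can_read(user, repo):
        return Response(200)
    # Trade-off: a logged-out member sees 404 and has to sign in first.
    return Response(404)

def is_existence_oracle(view, user, hidden, missing):
    """True if an unauthorised caller can tell a hidden repo from a missing one."""
    return view(user, *hidden) != view(user, *missing)
```

`is_existence_oracle` can run as a regression test against the real handler by comparing full responses (status, headers, body) for a known private path and a path that does not exist.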