Bitbucket Cloud / BCLOUD-7355

Information disclosure vulnerability (private repos, teams)

    Description

      There is an information disclosure vulnerability present in Bitbucket 38a1a76297f0 / 9a539a797f36.

      A Bitbucket team that has a public list of members but private repositories will never show the repositories on the team page, and the page will never show the number of private repositories on that team.

      However, through a member's individual profile (on their own Bitbucket page), their memberships to teams list the number of repositories belonging to each team, even if those teams have all repositories marked as private.

      Example (sorry to pick on you, Matt):
      https://bitbucket.org/MattCampbell/

          People

            Assignee: Unassigned
            Reporter: b5c872602af6 kanzure
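The inconsistency reported above, as an added example that is not part of the original report and not Bitbucket's code: a constructed model in which the team page filters repositories by viewer while the profile count does not, followed by a count that reuses the same filter and a check that flags any mismatch. All class names, function names and sample data are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class Repo:
    name: str
    private: bool

@dataclass
class Team:
    name: str
    members: set                      # member list is public in this model
    repos: list = field(default_factory=list)

def visible_repos(team, viewer):
    """Single source of truth: public repos, plus private ones for team members."""
    return [r for r in team.repos if not r.private or viewer in team.members]

def team_page(team, viewer):
    """Team page view: only names of repos the viewer is allowed to see."""
    return [r.name for r in visible_repos(team, viewer)]

def profile_counts_leaky(user, teams, viewer):
    """Behaviour described in the report: the count ignores who is viewing."""
    return {t.name: len(t.repos) for t in teams if user in t.members}

def profile_counts_scoped(user, teams, viewer):
    """Mitigation: derive the count from the same filter the team page uses."""
    return {t.name: len(visible_repos(t, viewer))
            for t in teams if user in t.members}

def count_leaks(profile_counts, user, teams, viewer):
    """Regression check: teams whose profile count differs from the team page."""
    counts = profile_counts(user, teams, viewer)
    return sorted(t.name for t in teams
                  if t.name in counts
                  and counts[t.name] != len(team_page(t, viewer)))

# Constructed sample data: one all-private team, one mixed team.
TEAMS = [
    Team("acme", {"alice", "bob"}, [Repo("secret-a", True), Repo("secret-b", True)]),
    Team("oss", {"alice"}, [Repo("lib", False), Repo("internal", True)]),
]

if __name__ == "__main__":
    for viewer in (None, "bob", "alice"):   # anonymous, partial member, full member
        print(viewer, count_leaks(profile_counts_leaky, "alice", TEAMS, viewer),
              count_leaks(profile_counts_scoped, "alice", TEAMS, viewer))
```

Running `count_leaks` for every view that renders an aggregate (counts, "last updated" times, sizes) against the list view for the same viewer catches this class of disclosure in tests.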