Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-25739

Bitbucket Cloud integration REST endpoint ignores security settings for anonymous users

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Low Low
    • 9.6.1, 9.5.3
    • 9.0.0, 9.1.0, 9.3.0, 9.2.1, 9.4.0, 9.5.0, 9.6.0
    • REST API
    • None

      Issue Summary

      This is reproducible on Data Center: (yes) / (no)

      Steps to Reproduce

      1. Remove Anonymous user VIEW global permission
      2. Uncheck "Allow anonymous users to trigger remote repository change detection and Bamboo Specs detection" checkbox at Security settings
      3. Call POST /rest/bitbucket-cloud/latest/webhooks REST endpoint as anonymous user

      Expected Results

      Http response 401 should be returned as admin doesn't allow anonymous user to trigger change detection or specs scanning

      Actual Results

      204 Http response is returned for a valid payload

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available

            [BAM-25739] Bitbucket Cloud integration REST endpoint ignores security settings for anonymous users

            There are no comments yet on this issue.

              Unassigned Unassigned
              achystoprudov Alexey Chystoprudov
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: