Bamboo Data Center / BAM-25739

Bitbucket Cloud integration REST endpoint ignores security settings for anonymous users

Details

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • Fix Version/s: 9.6.1, 9.5.3
    • Affects Version/s: 9.0.0, 9.1.0, 9.3.0, 9.2.1, 9.4.0, 9.5.0, 9.6.0
    • Component/s: REST API
    • Labels: None

    Description

      Issue Summary

      This is reproducible on Data Center: (yes) / (no)

      Steps to Reproduce

      1. Remove the VIEW global permission from the Anonymous user
      2. Uncheck the "Allow anonymous users to trigger remote repository change detection and Bamboo Specs detection" checkbox in Security settings
      3. Call the POST /rest/bitbucket-cloud/latest/webhooks REST endpoint as an anonymous user

      Expected Results

      An HTTP 401 response should be returned, as the admin doesn't allow anonymous users to trigger change detection or Specs scanning

      Actual Results

      An HTTP 204 response is returned for a valid payload

      Workaround

      Currently there is no known workaround for this behavior. A workaround will be added here when available.
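
An added example, not part of the ticket or of Atlassian's code: a regression check an administrator can run against their own Bamboo instance after upgrading to a fixed version. It sends the unauthenticated POST from step 3 and classifies the status code. The function names, the local stub server and the `b"{}"` placeholder body are assumptions; the ticket does not show the valid payload, so a real check needs one supplied by the operator.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

ENDPOINT = "/rest/bitbucket-cloud/latest/webhooks"  # path quoted in the ticket

def classify(status):
    """Verdict for the status code returned to an unauthenticated POST."""
    if status == 401:
        return "enforced"      # the ticket's expected result
    if 200 <= status < 300:
        return "bypassed"      # the ticket's actual result was 204
    return "inconclusive"      # e.g. payload rejected, redirect, server error

def check_anonymous_webhook(base_url, payload, timeout=5):
    """POST payload with no credentials or cookies; return (status, verdict)."""
    url = urlsplit(base_url)
    https = url.scheme == "https"
    conn_cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = conn_cls(url.hostname, url.port, timeout=timeout)
    try:
        conn.request("POST", url.path.rstrip("/") + ENDPOINT, body=payload,
                     headers={"Content-Type": "application/json"})
        status = conn.getresponse().status   # http.client never follows redirects
    finally:
        conn.close()
    return status, classify(status)

def stub_server(status):
    """Constructed local stand-in (not Bamboo): answers every POST with status."""
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            self.rfile.read(int(self.headers.get("Content-Length", 0)))
            self.send_response(status)
            self.end_headers()
        def log_message(self, *args):   # keep the demo output quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]

if __name__ == "__main__":
    for code in (204, 401):   # unpatched vs. expected behaviour from the ticket
        server, base = stub_server(code)
        print(code, check_anonymous_webhook(base, b"{}"))   # b"{}" is a placeholder
        server.shutdown()
```

A verdict of "inconclusive" usually means the body was not accepted as a valid webhook payload, so it does not show that the security setting is being honoured.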

            People

              Assignee: Unassigned
              Reporter: Alexey Chystoprudov (achystoprudov)