Details
Suggestion
Resolution: Unresolved
Description
Currently, anyone who has at least write access to a repository is able to edit its bitbucket-pipelines.yml file.
This is a problem because Pipelines, as a CI/CD platform, may have access to restricted environments that any common user shouldn't really have. Allowing anyone with write access to edit bitbucket-pipelines.yml files basically gives them the ability to run arbitrary commands that may be unwanted.
The suggestion, in this case, would be to restrict everyone from using the bitbucket-pipelines.yml file, except users who get explicitly whitelisted to edit this file.
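The control this suggestion asks for does not exist as a native Bitbucket permission, so the example below is an added compensating check, not code from the original issue or from Atlassian: it parses the output of `git log --format='commit %H %ae' --name-only` for a pushed range, finds commits that touch bitbucket-pipelines.yml, and rejects any whose author is not on an allowlist. The log text, the e-mail addresses and the allowlist are constructed sample data; the function names are mine.

```python
"""Gate that flags commits editing bitbucket-pipelines.yml by non-allow-listed authors.

Intended to run where the editor cannot disable it, e.g. a server-side
pre-receive hook on a self-managed Git server or a pull-request merge check.
A check that runs inside the pipeline itself is removable by the same edit
it is meant to catch, so it does not provide this protection.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Bitbucket reads this file from the repository root; paths are compared exactly.
PIPELINE_FILE = "bitbucket-pipelines.yml"

# Constructed allowlist: only these identities may change the pipeline definition.
ALLOWED_EDITORS = ["alice@example.com"]

# Constructed sample of `git log --format='commit %H %ae' --name-only main..feature`.
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111 alice@example.com

bitbucket-pipelines.yml
README.md

commit 2222222222222222222222222222222222222222 bob@example.com

bitbucket-pipelines.yml

commit 3333333333333333333333333333333333333333 bob@example.com

src/app.py
"""

HEADER_RE = re.compile(r"^commit ([0-9a-f]{7,40}) (\S+)$")


@dataclass
class Commit:
    sha: str
    author_email: str
    files: list[str] = field(default_factory=list)


def parse_git_log(text: str) -> list[Commit]:
    """Split the log into commits; every non-blank line after a header is a path."""
    commits: list[Commit] = []
    current: Commit | None = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = Commit(sha=m.group(1), author_email=m.group(2))
            commits.append(current)
        elif line.strip() and current is not None:
            current.files.append(line.strip())
    return commits


def find_violations(commits: list[Commit], allowed_editors: list[str]) -> list[Commit]:
    """Return commits that modify the pipeline file and come from a non-allow-listed author."""
    allowed = {a.lower() for a in allowed_editors}
    return [
        c for c in commits
        if PIPELINE_FILE in c.files and c.author_email.lower() not in allowed
    ]


def check_log(log_text: str, allowed_editors: list[str]) -> list[Commit]:
    """Parse a log and return the offending commits (empty list means the push is acceptable)."""
    return find_violations(parse_git_log(log_text), allowed_editors)


if __name__ == "__main__":
    # Note: the author e-mail in git metadata is self-asserted. In a real hook,
    # substitute the authenticated pusher identity your Git server provides.
    bad = check_log(SAMPLE_LOG, ALLOWED_EDITORS)
    for c in bad:
        print(f"REJECT {c.sha[:7]}: {c.author_email} modified {PIPELINE_FILE}")
    raise SystemExit(1 if bad else 0)
```

Two points a practitioner should keep in mind: the commit author field is whatever the committer wrote, so a server-side hook should key the allowlist on the authenticated pusher rather than on `%ae`; and because this check only observes the repository, it catches edits to the file but not the broader issue the suggestion raises, which is that Pipelines itself runs with credentials that ordinary write access should not confer.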
Issue Links
duplicates: BCLOUD-19453 Add extra permission to edit bitbucket-pipelines.yml file (Closed)