Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Medium
Fix Version/s: 6.1.0, 5.16.2, 6.0.1
Affects Version/s: None
Component/s: Repositories
Labels:
- dob-pr

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Accessing the following specific URLs as a user who has only read access to a repository can see repository settings if they specifically use the following URLs

{BITBUCKET_URL}/projects/{PROJECT_SLUG}/repos/{REPO_SLUG}/settings/merge-checks
{BITBUCKET_URL}/projects/{PROJECT_SLUG}/repos/{REPO_SLUG}/settings/hooks
{BITBUCKET_URL}/projects/{PROJECT_SLUG}/settings/merge-checks
{BITBUCKET_URL}/projects/{PROJECT_SLUG}/settings/hooks

Expected Outcome:
Users receive a 401

Actual Outcome:
Users can see the checks and hooks. When you attempt to change them you receive a permissions error

Attachments

Issue Links

causes

BSERV-14146 Hook settings rest endpoint is incorrectly documented as REPO_READ

Closed

mentioned in: Page Loading...

Activity

People

Assignee:: Kristy

Reporter:: Aaron

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 17/Jul/2018 2:46 PM

Updated:: 21/Jun/2023 12:43 AM

Resolved:: 11/Feb/2019 12:14 AM