  1. Bitbucket Server
  2. BSERV-12935

Add option to disable anonymous access to the "About" Bitbucket page


    Details

    • Type: Suggestion
    • Status: Gathering Interest
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: UI
    • Labels: None
    • UIS: 19
    • Support reference count: 1
    • Feedback Policy: We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      The "About Bitbucket" page can be accessed anonymously. This can expose the Bitbucket application versions and libraries included. Some customers might want to prevent this information from being available as it could be used to target other vulnerabilities specific to the version.

      Other pages which can be accessed by unauthenticated users are:
      <BITBUCKET_URL>/rest/menu/latest/appswitcher
      <BITBUCKET_URL>/plugins/servlet/opensearch-descriptor

      Provide an option to disable anonymous access to these pages.

            People

            Assignee: Unassigned
            Reporter: tathanassiadou Themis
            Votes: 0
            Watchers: 2
