Add option to disable anonymous access to the "About" Bitbucket page

XMLWordPrintable

    • Type: Suggestion
    • Resolution: Unresolved
    • None
    • Component/s: UI
    • None
    • 4
    • 3

      The "About Bitbucket" page can be accessed anonymously. This can expose the Bitbucket application versions and libraries included. Some customers might want to prevent this information from being available as it could be used to target other vulnerabilities specific to the version.

      Other pages which can be accessed by unauthenticated users are:
      <BITBUCKET_URL>/rest/menu/latest/appswitcher
      <BITBUCKET_URL>/plugins/servlet/opensearch-descriptor

      Provide an option to disable anonymous access to these pages

       

        1. Screen Shot 2021-07-28 at 9.53.23 AM.png
          Screen Shot 2021-07-28 at 9.53.23 AM.png
          274 kB

            Assignee:
            Unassigned
            Reporter:
            Themis
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: