Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Unresolved
Fix Version/s: None
Component/s: UI
Labels:
None

UIS:
4
Support reference count:
1
Feedback Policy:

We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

The "About Bitbucket" page can be accessed anonymously. This can expose the Bitbucket application versions and libraries included. Some customers might want to prevent this information from being available as it could be used to target other vulnerabilities specific to the version.

Other pages which can be accessed by unauthenticated users are:
<BITBUCKET_URL>/rest/menu/latest/appswitcher
<BITBUCKET_URL>/plugins/servlet/opensearch-descriptor

Provide an option to disable anonymous access to these pages

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

Screen Shot 2021-07-28 at 9.53.23 AM.png
274 kB
28/Jul/2021 7:53 AM

Activity

People

Assignee:: Unassigned

Reporter:: Themis

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Jul/2021 8:03 AM

Updated:: 05/Apr/2024 3:10 AM