Details
Suggestion
Resolution: Unresolved
Description
The "About Bitbucket" page can be accessed anonymously. This can expose the Bitbucket application version and the libraries it includes. Some customers might want to prevent this information from being available, as it could be used to target other vulnerabilities specific to the version.
Other pages which can be accessed by unauthenticated users are:
<BITBUCKET_URL>/rest/menu/latest/appswitcher
<BITBUCKET_URL>/plugins/servlet/opensearch-descriptor
Provide an option to disable anonymous access to these pages.