- Bug
- Resolution: Fixed
- Low
- 7.21.0
- 1
- Severity 3 - Minor
Issue Summary
On application startup, if the database is down, the Bitbucket application displays the sensitive database hostname and port in the error message shown in the browser.
Error Message:
The database, as currently configured, is not accessible. Connection to <DB-HOSTNAME>:<PORT> refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
This is reproducible on Data Center: (yes)
Steps to Reproduce
- Shut down both the Bitbucket application and the external database.
- Start the Bitbucket application and open the <BITBUCKET-BASE-URL> in the browser.
Expected Results
The error message in the browser should describe a generic database connectivity issue.
Actual Results
The error message in the browser displays the sensitive <DB-HOSTNAME>:<PORT>, which can be seen by any user accessing the Bitbucket base URL at that time.
The database, as currently configured, is not accessible. Connection to <DB-HOSTNAME>:<PORT> refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
Workaround
There is currently no workaround to hide these sensitive details in the error message.
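The following is an added example, not Atlassian's code or fix and not a workaround for Bitbucket. It sketches a regression check that scans a captured startup page for the driver text quoted in this ticket, next to the behaviour the Expected Results ask for: full detail in the server log, generic text in the browser. The function names, the reference-id scheme and the sample endpoint are assumptions made for illustration.

```python
import html
import logging
import re
import uuid

log = logging.getLogger("startup")

# Matches the driver text quoted in this ticket; host and port are captured.
LEAK_RE = re.compile(
    r"Connection to (?P<host>\[[0-9A-Fa-f:]+\]|[A-Za-z0-9._-]+):(?P<port>\d{1,5}) refused"
)

# Hypothetical generic wording; the ticket does not specify the final text.
GENERIC = "The database is not accessible. Contact your administrator (reference {ref})."


def find_endpoint_leaks(body: str) -> list[tuple[str, int]]:
    """Return every (host, port) pair a response body discloses via the message above."""
    text = html.unescape(body)  # error pages may entity-encode the message
    return [(m["host"], int(m["port"])) for m in LEAK_RE.finditer(text)]


def browser_message(exc: Exception) -> str:
    """Log the full driver error server-side; give the browser only a generic text."""
    ref = uuid.uuid4().hex[:8]  # lets an admin match the browser page to the log line
    log.error("database unavailable [ref=%s]: %s", ref, exc)
    return GENERIC.format(ref=ref)


# Constructed sample page; db01.internal.example:5432 is a made-up endpoint.
SAMPLE_BODY = (
    "<p>The database, as currently configured, is not accessible. "
    "Connection to db01.internal.example:5432 refused. Check that the hostname "
    "and port are correct and that the postmaster is accepting TCP/IP connections.</p>"
)

if __name__ == "__main__":
    print(find_endpoint_leaks(SAMPLE_BODY))
    safe = browser_message(ConnectionError("Connection to db01.internal.example:5432 refused."))
    print(safe, find_endpoint_leaks(safe))
```

Running `find_endpoint_leaks` against the page an unauthenticated browser receives while the database is stopped gives a repeatable pass/fail check after upgrading to a fixed release.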