Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.2.1, 8.3.0
Affects Version/s: 7.21.0
Component/s: Database Support
Labels:

Support reference count:
1
Symptom Severity:
Severity 3 - Minor
Bug Fix Policy:
View Atlassian Server bug fix policy

Issue Summary

On application startup, if the database is down the Bitbucket application displays the sensitive database hostname & port details in the error message in browser.
Error Message:

The database, as currently configured, is not accessible.
Connection to <DB-HOSTNAME>:<PORT> refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.

This is reproducible on Data Center: (yes)

Steps to Reproduce

Shutdown both the Bitbucket application and the external database.
Start the Bitbucket application and access the <BITBUCKET-BASE-URL> in the browser.

Expected Results

The error message in the browser should display generic database connectivity issue.

Actual Results

The error message in the browser displays the sensitive <DB-HOSTNAME>:<PORT> that can be seen by any user accessing the Bitbucket base url at that time.

The database, as currently configured, is not accessible.
Connection to <DB-HOSTNAME>:<PORT> refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.

Workaround

Currently no workaround to hide this sensitive details in the error message.

mentioned in: Page Loading...

Assignee:: Kristy

Reporter:: Rajesh (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 29/Mar/2022 8:51 AM

Updated:: 18/Jul/2022 10:30 AM

Resolved:: 18/Jul/2022 8:34 AM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Workaround

Attachments

Issue Links

Forms

Activity

People

Dates