Details
-
Bug
-
Resolution: Fixed
-
Medium
-
7.6.22, 7.17.15, 7.21.10
-
1
-
Severity 3 - Minor
-
Description
While configuring webhooks in bitbucket, we have the option to provide a secret key that is not masked, and hence the plain text secret key is visible in audit logs, kindly mask the secret key
Steps to reproduce
- Configure webhook in Bitbucket server
- When the hook is created,modified we see the secret key in Plan text in the audit logs.
Work Around :
Currently we only have one work around to turn off Local configuration and administration log level in audit settings, which also disables other useful login events which is not desirable.