Details
-
Type:
Suggestion
-
Status: Gathering Interest (View Workflow)
-
Resolution: Unresolved
-
Fix Version/s: None
-
Component/s: Security - Other
-
Labels:None
-
UIS:5
-
Feedback Policy:
Description
When an external library or repo is added, committed and pushed to a Stash/Bitbucket Server repo as a submodule, the link within the Stash/Bitbucket Server Web GUI takes the visitor to the external location. This means that the referer (referrer) url (Stash/Bitbucket Server) is sent to the external server and is logged. This is poses as a data/information leak.