Details
- Bug
- Resolution: Not a bug
- Highest
- None
- 4.6.3, 4.12.0
- None
- Severity 1 - Critical
- 8
Description
Summary
- Enabling feature.public.access in bitbucket.properties allows pushes to repositories
Environment
- Bitbucket server v4.6.3
Steps to Reproduce
- add feature.public.access=true to <bitbucket-home>/shared/bitbucket.properties
- under http://localhost:7990/projects/PROJ/permissions leave:
  - Project permissions >> Public access disabled
    [ ] Enable
  - Project permissions >> Default Permission with no access
    [ ] No access
- clone a repository
git clone http://localhost:7990/scm/proj/repository.git
git remote -v
origin http://localhost:7990/scm/proj/repository.git (fetch)
origin http://localhost:7990/scm/proj/repository.git (push)
- create file and push to repository
echo "file" > file.txt
git add file.txt
git commit -m "add file"
git push origin master
Expected Results
- PUSH should not be allowed
Actual Results
- PUSH happens successfully
$ git push origin master
Counting objects: 3, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 281 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To http://localhost:7990/scm/proj/repository.git
f5fb254..560f993 master -> master
Notes
The documentation page "Allowing public access to code" should be updated with a note in relation to this bug.
Workaround
- No workaround available
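The configuration in this report can be audited from the command line. The script below is an added example, not part of the original issue and not Atlassian code: it reads the effective feature.public.access value from a properties file and interprets the HTTP status an unauthenticated client receives for the receive-pack ref advertisement, the first request of a Git smart-HTTP push. The function names, the sample file contents and the status labels are assumptions made for this example.

```shell
# Added audit example (not Atlassian code). Function names are hypothetical.

# effective_prop FILE KEY -> last value assigned to KEY in a Java-style
# .properties file; skips "#"/"!" comments, accepts "=" or ":" separators.
effective_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t]*[=:][ \t]*/)) next
            k = substr(line, 1, RSTART - 1)
            v = substr(line, RSTART + RLENGTH)
            sub(/[ \t\r]+$/, "", v)
            if (k == key) val = v   # a later definition overrides an earlier one
        }
        END { print val }
    ' "$1"
}

# classify_status CODE -> meaning of the HTTP status returned to an
# unauthenticated GET of <repo>/info/refs?service=git-receive-pack.
# The labels are this example's own (assumption), not server output.
classify_status() {
    case "$1" in
        401|403) echo "auth-required" ;;
        200)     echo "anonymous-push-advertised" ;;
        *)       echo "inconclusive" ;;
    esac
}

# audit PROPS_FILE REPO_URL: report the setting, then probe without credentials.
audit() {
    echo "feature.public.access=$(effective_prop "$1" feature.public.access)"
    code=$(curl -s -o /dev/null -w '%{http_code}' \
        "$2/info/refs?service=git-receive-pack")
    echo "receive-pack probe: HTTP $code ($(classify_status "$code"))"
}

# Constructed sample file contents so the parser can be exercised offline.
sample_props() {
    printf '%s\n' '# constructed sample' 'feature.public.access=false' \
        '#feature.public.access=false' ' feature.public.access = true ' \
        'example.key: demo'
}

# Only touch the network when both arguments are supplied.
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Run it as `sh audit.sh <bitbucket-home>/shared/bitbucket.properties http://localhost:7990/scm/proj/repository.git`, where audit.sh is a hypothetical file name. A 200 on the probe only shows that the server advertised receive-pack refs to a client that sent no credentials; it does not by itself prove the push would be accepted.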
Issue Links
- Testing discovered
  - BSERV-9422 Viewing the compare page on a public repository as an anonymous user shows errors (Closed)