Atlassian BitBucket Public Repository Detected

medium Web App Scanning Plugin ID 114569

Synopsis

Atlassian BitBucket Public Repository Detected

Description

Atlassian Bitbucket source code repositories can be either private or public. A public repository allows any anonymous (unauthenticated) user to browse the project and read its content. When public access is unexpectedly enabled on a repository that was intended to be private, a remote, unauthenticated attacker can read its source code and any sensitive information committed to it (for example credentials or internal configuration).

Solution

Verify that the target Atlassian Bitbucket instance is expected to allow public (anonymous) access to the hosted projects and repositories the scan reported, and disable public access on any repository that should be private.
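To confirm the finding independently of the scanner, an added example (not Tenable's plugin logic and not Atlassian's code) that queries the Bitbucket Server / Data Center REST API with no credentials and lists the repositories the anonymous user can see. It assumes the standard `/rest/api/1.0/repos` endpoint, its paged response shape (`values`, `isLastPage`, `nextPageStart`) and the boolean `public` attribute on each repository entity; the host name and the sample response embedded below are constructed for the example.

```python
"""
Unauthenticated enumeration of publicly visible Bitbucket Server repositories.

Added example, not part of the Tenable plugin or of Bitbucket itself.
Assumptions (not taken from the plugin page):
  - the instance exposes /rest/api/1.0/repos and pages results with
    "values", "isLastPage" and "nextPageStart";
  - every repository entity carries a boolean "public" attribute;
  - the host name and SAMPLE_PAGES below are constructed test data.
"""
import json
import sys
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, Iterator, List


def http_get_json(url: str, timeout: float = 10.0) -> dict:
    """GET a JSON document. Deliberately sends no credentials or cookies so
    the response reflects exactly what an anonymous user is allowed to see."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def fetch_repo_pages(base_url: str, page_size: int = 100,
                     get_json: Callable[[str], dict] = http_get_json) -> Iterator[dict]:
    """Walk the paged /rest/api/1.0/repos listing from start=0 until the
    server reports the last page."""
    base = base_url.rstrip("/")
    start = 0
    while True:
        page = get_json(f"{base}/rest/api/1.0/repos?limit={page_size}&start={start}")
        yield page
        if page.get("isLastPage", True):
            return
        start = page["nextPageStart"]


def public_repos(pages: Iterable[dict]) -> List[str]:
    """Return 'PROJECT/slug' for every repository flagged public.
    An anonymous session should only ever be shown public repositories, but
    the explicit filter keeps the result correct if the check is later run
    with an authenticated session that also sees private ones."""
    found: List[str] = []
    for page in pages:
        for repo in page.get("values", []):
            if repo.get("public") is True:
                found.append(f"{repo['project']['key']}/{repo['slug']}")
    return found


def find_public_repos(base_url: str,
                      get_json: Callable[[str], dict] = http_get_json) -> List[str]:
    return public_repos(fetch_repo_pages(base_url, get_json=get_json))


# Constructed sample of two pages as the API would return them; the private
# repository on page one is only there to exercise the filter.
SAMPLE_PAGES: Dict[int, dict] = {
    0: {
        "size": 2, "limit": 2, "isLastPage": False, "nextPageStart": 2,
        "values": [
            {"slug": "website", "public": True, "project": {"key": "PUB"}},
            {"slug": "billing", "public": False, "project": {"key": "INT"}},
        ],
    },
    2: {
        "size": 1, "limit": 2, "isLastPage": True,
        "values": [
            {"slug": "docs", "public": True, "project": {"key": "PUB"}},
        ],
    },
}


def sample_get_json(url: str) -> dict:
    """Offline stand-in for http_get_json that serves SAMPLE_PAGES by the
    'start' query parameter."""
    query = urllib.parse.parse_qs(urllib.parse.urlparse(url).query)
    return SAMPLE_PAGES[int(query.get("start", ["0"])[0])]


if __name__ == "__main__":
    # Usage: python check_public_repos.py https://bitbucket.example.internal
    # Without an argument the constructed sample data is used instead.
    if len(sys.argv) > 1:
        repos = find_public_repos(sys.argv[1])
    else:
        repos = find_public_repos("https://bitbucket.example.internal",
                                  get_json=sample_get_json)
    for name in repos:
        print("public:", name)
```

Any repository printed by the check that is not meant to be world-readable should have public access turned off in its repository settings, or at the instance level as described in the Atlassian article linked below.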

See Also

https://confluence.atlassian.com/bitbucketserver/allowing-public-access-to-code-776639799.html

https://www.atlassian.com/software/bitbucket

Plugin Details

Severity: Medium

ID: 114569

Type: remote

Published: 1/28/2025

Updated: 1/28/2025

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information