Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
bitbucket/api/2.0/repositories
Bitbucket Repositories API
What an attacker could do
The Bitbucket repositories API can enumerate workspace projects and, with stolen app passwords or tokens, expose source code and pipeline configuration enabling code tampering and credential theft.
How to defend it
Restrict repositories to private, issue scoped app passwords/OAuth tokens with minimal permissions, and enforce 2FA and IP allow-listing on API access.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation