Bitbucket Keys
#
Description#
General- Documentation: https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/
- Summary:
Bitbucket
provides hosting for source code and software development that useMercurial
orGit
as Version Control Systems.Bitbucket keys
are associated with a Bitbucket OAuth consumer. They can be used by an OAuth2 client to use Bitbucket as an OAuth2 identity provider. Obtaining this secret could allow an attacker to:
- create a phishing authentication page, undistinguishable from the original
- use compromised user credentials to create valid access tokens to the application
- IPs allowlist: There is no IP allowlisting possible.
- Scopes: The permissions associated with the tokens issued by the OAuth consumer can be configured, see docs.
#
Revoke the secretThe only way to revoke the secret is to delete the OAuth consumer and create a new one.
#
Check for suspicious activityNot available for now.
Bitbucket keys
#
Details for Family: Api
Category: Version control platform
Company: Bitbucket
High recall: False
Validity check available: False
Minimum number of matches: 2
Occurrences found for one million commits: 0.24
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: - ^[aps]?cssc?~?$ - ^storyboard(c|er)?~?$ - ^xib$ banlist_filenames: [] check_binaries: false include_default_banlist_extensions: false ban_markup: false- type: ContentWhitelistPreValidator patterns: - bitbucket
#
Examples- text: | + +const BITBUCKET_CLIENT_ID = "abC1P65CUCRb1wSBsG" // or get from process.env.GITHUB_CLIENT_ID +const BITBUCKET_CLIENT_SECRET = "4K8vvBdjQFeas5JXDCup6KffqBhcK90e" // or get from process.env.GITHUB_CLIENT_SECRET
client_id: abC1P65CUCRb1wSBsG client_secret: 4K8vvBdjQFeas5JXDCup6KffqBhcK90e
Bitbucket keys basic auth
#
Details for Family: Api
Category: Version control platform
Company: Bitbucket
High recall: False
Validity check available: False
Minimum number of matches: 2
Occurrences found for one million commits: 0.06
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: - ^[aps]?cssc?~?$ - ^storyboard(c|er)?~?$ - ^xib$ banlist_filenames: [] check_binaries: false include_default_banlist_extensions: false ban_markup: false- type: ContentWhitelistPreValidator patterns: - bitbucket
#
Examples- text: | + + https://ajA8T25UYEGd5wKFvC:6K2voBdjQFaas5NXLCup6KwzwBkcK93f@bitbucket.com
client_id: ajA8T25UYEGd5wKFvC client_secret: 6K2voBdjQFaas5NXLCup6KwzwBkcK93f