Skip to main content

Bitbucket Keys

Description

General

  • Documentation: https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/

  • Summary: Bitbucket provides hosting for source code and software development that use Mercurial or Git as Version Control Systems. Bitbucket keys are associated with a Bitbucket OAuth consumer. They can be used by an OAuth2 client to use Bitbucket as an OAuth2 identity provider.

    Obtaining this secret could allow an attacker to: - create a phishing authentication page, undistinguishable from the original - use compromised user credentials to create valid access tokens to the application

Revoke the secret

The only way to revoke the secret is to delete the OAuth consumer and create a new one.

Details for Bitbucket Keys

  • Family: credentials

  • Category: version_control_platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.24

  • Prefixed: False

Details for Bitbucket Keys Basic Auth

  • Family: credentials

  • Category: version_control_platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.06

  • Prefixed: False