Bitbucket Keys
Description
General
Documentation: https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/
Summary:
Bitbucket
provides hosting for source code and software development that useMercurial
orGit
as Version Control Systems.Bitbucket keys
are associated with a Bitbucket OAuth consumer. They can be used by an OAuth2 client to use Bitbucket as an OAuth2 identity provider.Obtaining this secret could allow an attacker to: - create a phishing authentication page, undistinguishable from the original - use compromised user credentials to create valid access tokens to the application
IPs allowlist: There is no IP allowlisting possible.
Scopes: The permissions associated with the tokens issued by the OAuth consumer can be configured, see docs.
Revoke the secret
The only way to revoke the secret is to delete the OAuth consumer and create a new one.
Check for suspicious activity
Not available for now.
Details for Bitbucket keys
Family: Api
Category: Version control platform
Company: Bitbucket
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 2
Occurrences found for one million commits: 0.24
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions:
- ^[aps]?cssc?~?$
- ^storyboard(c|er)?~?$
- ^xib$
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: false
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- bitbucket
Examples
- text: |
+
+const BITBUCKET_CLIENT_ID = "abC1P65CUCRb1wSBsG" // or get from process.env.GITHUB_CLIENT_ID
+const BITBUCKET_CLIENT_SECRET = "4K8vvBdjQFeas5JXDCup6KffqBhcK90e" // or get from process.env.GITHUB_CLIENT_SECRET
client_id: abC1P65CUCRb1wSBsG
client_secret: 4K8vvBdjQFeas5JXDCup6KffqBhcK90e
Details for Bitbucket keys basic auth
Family: Api
Category: Version control platform
Company: Bitbucket
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: False
Minimum number of matches: 2
Occurrences found for one million commits: 0.06
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
banlist_extensions:
- ^[aps]?cssc?~?$
- ^storyboard(c|er)?~?$
- ^xib$
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: false
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- bitbucket
Examples
- text: |
+
+ https://ajA8T25UYEGd5wKFvC:6K2voBdjQFaas5NXLCup6KwzwBkcK93f@bitbucket.com
client_id: ajA8T25UYEGd5wKFvC
client_secret: 6K2voBdjQFaas5NXLCup6KwzwBkcK93f