Summary by Atlassian
Source code leakage due to exposed sourcemap in Bitbucket Cloud
Source code leakage due to exposed sourcemap
Disclosed by talkingllama- Engagement Atlassian
- Disclosed date almost 5 years ago
- Reward $200
- Priority P4 Bugcrowd's VRT priority rating
- Status Informational This vulnerability is seen as an accepted business risk
Summary by talkingllama
I am proceeding the public disclosure of the steps to reproduce and the source code dump.
Report details
-
Submitted
-
Target Location
Bitbucket Cloud including Bitbucket Pipelines (https://bitbucket.org) -
Target category
Web App
-
VRT
Automotive Security Misconfiguration > Infotainment > Source Code Dump -
Priority
P4 -
Bug URL
https://bitbucket.org -
Description
There is a leakage of source maps due to which entire source code can be dumped from the bitbucket.org site which contains the bitbucket cloud codebase.
You can use Chrome dev tools to list all the files and dump it.
I Have attached the entire source code dump below.