Portsuppe

Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets

Mandiant Blog·older·Reputable

Written by: Mark Swindle While investigating recent exposures of Amazon Web Services (AWS) secrets, Mandiant identified a scenario in which client-specific secrets have been leaked from Atlassian's code repository tool, Bitbucket, and leveraged by threat actors to gain unauthorized access to AWS. This blog post illustrates how Bitbucket Secured Variables can be leaked in your pipeline and expose you to security breaches. Background Bitbucket is a code hosting platform provided by Atlassian and i

Categories cybersecurity · government-security · unknown-it-category-15
Original source / advisory
Published
5/21/2024, 2:00:00 PM
Fetched
6/7/2026, 6:19:33 AM
Trust
reputable · 80/100
Language
en