Bitbucket App Password
Service Name: Bitbucket
Service Description: Bitbucket is a Git-based source code repository hosting service owned by Atlassian. It offers both cloud-based and server versions for teams to collaborate on code development, manage Git repositories, and build, test, and deploy code.
Service Address: https://bitbucket.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the workspace level through IP allowlists in Bitbucket Cloud settings.
Secret Access Scope: App passwords grant specific permissions to access Bitbucket resources and APIs without sharing your primary password. They can be configured with limited scopes such as repository read/write access, pull request management, pipeline execution, or issue tracking.
Secret Revokement URL: https://bitbucket.org/account/settings/app-passwords/
Secret Example: ATBBcGVuqm6Xp8MYKVm3RRVnUMFT5D3C8A2E
Suspicious Activity Investigation Instructions:
- Review the Bitbucket audit logs for unusual repository access or actions
- Check for unauthorized repository clones, commits, or pull requests
- Monitor for unexpected changes to repository settings or permissions
- Examine webhook configurations for unauthorized additions
- Review pipeline executions for suspicious activities
- Check for unusual API calls made using the app password
Mitigation Instructions:
- Log in to your Bitbucket account
- Navigate to your personal settings by clicking on your profile picture and
selecting "Personal settings"
- Select "App passwords" from the left sidebar
- Locate the compromised app password in the list
- Click the trash icon next to the password to delete it
- Confirm the deletion when prompted
- Create a new app password with appropriate permissions if still needed
- Review all repository access and permissions
- Enable two-factor authentication for your Bitbucket account if not already
enabled
- Consider implementing IP allowlists for your Bitbucket workspace