Bitbucket OAuth
Service Name: Bitbucket
Service Description: Bitbucket is a Git-based source code repository hosting service owned by Atlassian. It offers both commercial plans and free accounts with an unlimited number of private repositories.
Service Address: https://bitbucket.org/
Validation Type: -
IP Allow list: Does not exist
Secret Access Scope: Grants access to Bitbucket resources based on the permissions granted to the OAuth application.
Secret Revokement URL: https://bitbucket.org/account/settings/app-authorizations/
Secret Example: client_id=abcdefghijklmnopqr&client_secret=abcdefghijklmnopqrstuvwxyz12
Suspicious Activity Investigation Instructions:
- Review Bitbucket access logs for unauthorized repository access or changes
- Check for unexpected OAuth application authorizations in your Bitbucket account
- Monitor for unusual commits, pull requests, or repository changes
- Examine webhook configurations for unauthorized additions
Mitigation Instructions:
- Immediately revoke the compromised OAuth token in Bitbucket account settings
- Generate a new OAuth token with appropriate scopes
- Review and update repository access permissions
- Enable two-factor authentication on your Bitbucket account
- Audit all webhooks and integrations connected to your repositories