Skip to content

Bitbucket OAuth

Service Name: Bitbucket

Service Description: Bitbucket is a Git-based source code repository hosting service owned by Atlassian. It offers both commercial plans and free accounts with an unlimited number of private repositories.

Service Address: https://bitbucket.org/

Validation Type: -

IP Allow list: Does not exist

Secret Access Scope: Grants access to Bitbucket resources based on the permissions granted to the OAuth application.

Secret Revokement URL: https://bitbucket.org/account/settings/app-authorizations/

Secret Example: client_id=abcdefghijklmnopqr&client_secret=abcdefghijklmnopqrstuvwxyz12

Suspicious Activity Investigation Instructions:

  • Review Bitbucket access logs for unauthorized repository access or changes
  • Check for unexpected OAuth application authorizations in your Bitbucket account
  • Monitor for unusual commits, pull requests, or repository changes
  • Examine webhook configurations for unauthorized additions

Mitigation Instructions:

  • Immediately revoke the compromised OAuth token in Bitbucket account settings
  • Generate a new OAuth token with appropriate scopes
  • Review and update repository access permissions
  • Enable two-factor authentication on your Bitbucket account
  • Audit all webhooks and integrations connected to your repositories