Bitbucket CSRF on SSH Add Key Endpoint via superdomain cookie

In October 2022 I found a pretty specific CSRF vulnerability on Bitbucket Server (the self-hosted version). Since it has now been patched, here are the details.
