Security Engineer with a dash of software. Originally from Stockholm, now in Berlin. I like to hack things.
© All rights reserved.
csrf
Bitbucket CSRF on SSH Add Key Endpoint via superdomain cookie
In October 2022 I found a pretty specific CSRF vulnerability on Bitbucket Server (the self hosted version). Since it has now been patched, here are the details.
Read