all InfoSec News
Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets
Threat Intelligence cloud.google.com
Written by: Mark Swindle
While investigating recent exposures of Amazon Web Services (AWS) secrets, Mandiant identified a scenario in which client-specific secrets have been leaked from Atlassian's code repository tool, Bitbucket, and leveraged by threat actors to gain unauthorized access to AWS. This blog post illustrates how Bitbucket Secured Variables can be leaked in your pipeline and expose you to security breaches.
Background
Bitbucket is a code hosting platform provided by Atlassian and is equipped with a built-in continuous integration …
access amazon amazon web services atlassian aws bitbucket blog blog post cd pipeline client code code repository leaked mandiant mark pipeline repository scenario s code secrets services threat threat actors threat intelligence tool unauthorized unauthorized access web web services written