{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/bitbucket-server/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Bitbucket Server"],"_cs_severities":["medium"],"_cs_tags":["attack.defense-impairment","attack.t1685","bitbucket"],"_cs_type":"advisory","_cs_vendors":["Atlassian"],"content_html":"\u003cp\u003eAttackers can weaken an organization\u0026rsquo;s security posture by disabling or bypassing security controls within Bitbucket. This allows sensitive information, such as API keys, passwords, and other credentials, to be committed to the repository without detection. By adding a repository to the secret scanning exemption list, attackers can effectively disable a key preventative measure, making it easier to introduce and maintain compromised credentials within the codebase. This can lead to unauthorized access, data breaches, and other serious security incidents. This technique allows attackers to impair defenses, avoiding detection of secrets being committed to the repository.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains unauthorized access to a Bitbucket account with repository administration privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker navigates to the repository settings within Bitbucket.\u003c/li\u003e\n\u003cli\u003eThe attacker accesses the secret scanning configuration for the repository.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies the option to add the repository to the exemption list for secret scanning.\u003c/li\u003e\n\u003cli\u003eThe attacker adds the repository to the exemption list, effectively disabling secret scanning for that repository.\u003c/li\u003e\n\u003cli\u003eThe attacker commits sensitive information (secrets, credentials) to the now-exempt repository.\u003c/li\u003e\n\u003cli\u003eThe secrets are committed without triggering secret scanning alerts.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the committed secrets to gain unauthorized access to other systems or data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eCompromising secrets within a Bitbucket repository can lead to a variety of negative consequences, including unauthorized access to sensitive data, compromised infrastructure, and data breaches. While the exact number of affected organizations is unknown, the potential impact is significant for any organization using Bitbucket to store code and manage secrets. Successful exploitation allows attackers to move laterally within the network and escalate privileges.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Bitbucket Secret Scanning Exempt Repository Added\u0026rdquo; to your SIEM to detect when a repository is added to the secret scanning exemption list (logsource: bitbucket).\u003c/li\u003e\n\u003cli\u003eInvestigate any detected instances of repositories being added to the secret scanning exemption list to determine if the change was authorized.\u003c/li\u003e\n\u003cli\u003eEnsure that appropriate access controls are in place to prevent unauthorized users from modifying repository settings.\u003c/li\u003e\n\u003cli\u003eReview Bitbucket audit logs regularly to identify suspicious activity related to secret scanning configuration changes (logsource: bitbucket).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-04-29T12:00:00Z","date_published":"2024-04-29T12:00:00Z","id":"/briefs/2024-04-bitbucket-secret-scanning-exempt/","summary":"An attacker may attempt to disable or bypass secret scanning on a Bitbucket repository to avoid detection of committed secrets, potentially leading to credential compromise and subsequent unauthorized access.","title":"Bitbucket Repository Exempted from Secret Scanning","url":"https://feed.craftedsignal.io/briefs/2024-04-bitbucket-secret-scanning-exempt/"}],"language":"en","title":"CraftedSignal Threat Feed — Bitbucket Server","version":"https://jsonfeed.org/version/1.1"}