We have deployed our code from the Bitbucket pipeline to AWS EC2.
Recently, the client received an email from AWS support saying that the Bitbucket code was being exposed.
Anyone with the link can see any files, like dotfiles and respective files.
The link looks like this:
https://bitbucket.org/abcTech/%4sfasdfasdfasdfasdfadddsafasdf%7D/raw/master/apps/api/.env
This is not a real link, but when I click the link that I received, it shows all the content of the file, even if you are not a Bitbucket user!
I didn't understand what is happening. What could be the issue?
My guess is that the link is generated from the Bitbucket pipeline's artifact, but how can it be accessible to anyone?