
Bitbucket artifact files can leak plaintext authentication secrets
2024-05-21 19:05

Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects.

Because developers may not be aware that these secrets are exposed in artifact files, the source code may be published to public repositories, where threat actors can steal the secrets.

One of the directives in these files is artifacts:, which is used to specify variables, files, and directories that are exported to artifact objects to be retained and used in further steps of the build and testing process.

Doing so will cause "Secured variables" to be exported in plaintext to the artifact file rather than in their encrypted form.

If those artifact files are then stored in a public location, a threat actor can simply open the text file and view all variables in plaintext, easily stealing authentication secrets that can be used to steal data or perform other malicious activity.

Mandiant reminds developers that Bitbucket was not designed to manage secrets and suggests that a dedicated, specialized product be used for that purpose instead. Developers are also advised to carefully review artifacts to ensure that no plaintext secrets are contained in the generated files.
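One way to automate that artifact review is sketched below. It is an added example, not code from Mandiant, Atlassian, or the original article. It assumes artifacts are text files containing `NAME=value` lines; the function names, the keyword list for secret-looking variable names, and the sample data are all constructed for illustration.

```python
import re
import sys
from pathlib import Path

# AWS access key IDs: AKIA (long-term) or ASIA (temporary) plus 16 upper-case letters/digits.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# NAME=value lines, as written by an environment dump.
ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.+)$")
# Variable names that usually hold credentials (assumed list, extend as needed).
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY", re.I)

def scan_text(text):
    """Return (line_number, reason) findings; the secret value is never echoed."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if AWS_KEY_ID.search(line):
            findings.append((no, "AWS access key ID"))
            continue
        m = ENV_LINE.match(line)
        # Flag only non-empty values assigned to secret-looking names.
        if m and SECRET_NAME.search(m.group(1)) and m.group(2).strip("'\" "):
            findings.append((no, f"value assigned to {m.group(1)}"))
    return findings

def scan_paths(paths):
    """Scan files, recursing into directories; return {path: findings} for hits only."""
    results = {}
    for root in map(Path, paths):
        files = [root] if root.is_file() else sorted(p for p in root.rglob("*") if p.is_file())
        for f in files:
            hits = scan_text(f.read_text(errors="replace"))
            if hits:
                results[str(f)] = hits
    return results

# Constructed sample of an artifact file containing an environment dump.
SAMPLE = """BUILD_NUMBER=42
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
DB_PASSWORD=
PATH=/usr/local/bin:/usr/bin
"""

if __name__ == "__main__":
    found = scan_paths(sys.argv[1:]) if sys.argv[1:] else {"<sample>": scan_text(SAMPLE)}
    for name, hits in found.items():
        for no, reason in hits:
            print(f"{name}:{no}: {reason}")
    sys.exit(1 if found else 0)  # non-zero exit lets a build step fail on findings
```

Run with artifact paths as arguments before the artifacts are stored or published; any credential it reports should be treated as exposed and rotated, not just deleted from the file.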


News URL

https://www.bleepingcomputer.com/news/security/bitbucket-artifact-files-can-leak-plaintext-authentication-secrets/