Impact
At least one user experienced problems accessing the platform. The issue started on UTC-5 25-07-23 15:14 and was reactively discovered 1.2 hours later (TTD) by a client who reported through our help desk [1] that an Invalid redirect_uri error was displayed when trying to log in, preventing access. No other modules were affected, and users who do not log in through Bitbucket were not affected. The problem was resolved in 2.1 hours (TTF), for a total window of exposure of 3.3 hours (WOE) [2].
Cause
The problem was caused by a change in the redirect URL used for login. Specifically, an alias was added to the Bitbucket callback configuration in the production environment, so the redirect_uri presented during login no longer corresponded to the expected callback, producing the Invalid redirect_uri error for users logging in through Bitbucket.
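The mismatch described above is the kind of configuration drift a pre-deployment check can catch: the redirect_uri an application will send must exactly match a callback URL registered with the OAuth provider for the same environment. The following is an added example, not code from the platform or from Bitbucket; the environment names, hostnames and callback paths are constructed placeholders, and the exact-string-match rule is assumed from the OAuth 2.0 Security Best Current Practice (RFC 9700) rather than taken from Bitbucket's own documentation.

```python
"""Pre-deployment check for OAuth redirect URIs (added example).

Every redirect_uri the application would send to the provider must exactly
match a callback URL registered with that provider for the same environment.
Assumption: the provider applies exact string matching, as RFC 9700 requires.
"""
from urllib.parse import urlsplit

# Constructed sample data (assumption): callback URLs registered with the
# provider, per environment. Hostnames and paths are placeholders.
REGISTERED_CALLBACKS = {
    "production": {"https://app.example.com/oauth/bitbucket/callback"},
    "development": {"https://dev.app.example.com/oauth/bitbucket/callback"},
}


def structural_issues(uri: str) -> list[str]:
    """Problems that make a redirect URI unsafe or unusable regardless of the allowlist."""
    parts = urlsplit(uri)
    issues = []
    if parts.scheme != "https":
        issues.append("scheme must be https")
    if not parts.netloc:
        issues.append("must be an absolute URL with a host")
    if parts.fragment:
        issues.append("must not contain a fragment")
    if "*" in uri:
        issues.append("wildcards are not allowed")
    return issues


def validate_redirect_uris(env: str, configured: list[str],
                           registered=REGISTERED_CALLBACKS) -> list[str]:
    """Return human-readable findings; an empty list means the config is deployable."""
    allowed = registered.get(env)
    if allowed is None:
        return [f"{env}: no registered callbacks known for this environment"]
    findings = []
    for uri in configured:
        for problem in structural_issues(uri):
            findings.append(f"{env}: {uri}: {problem}")
        if uri not in allowed:
            # Call out the alias case (same path, different host) separately,
            # since a host alias on the callback is what caused this incident.
            same_path = [a for a in allowed
                         if urlsplit(a).path == urlsplit(uri).path]
            hint = f" (host differs from registered {same_path[0]})" if same_path else ""
            findings.append(
                f"{env}: {uri} is not an exact match for any registered callback{hint}")
    return findings


def deployable(env: str, configured: list[str]) -> bool:
    """True only when no findings were raised for this environment."""
    return not validate_redirect_uris(env, configured)


if __name__ == "__main__":
    # Constructed scenario: an alias host was introduced for production.
    proposed = ["https://platform-alias.example.com/oauth/bitbucket/callback"]
    for line in validate_redirect_uris("production", proposed):
        print(line)
```

Run as a gate in the deployment pipeline, the check fails the release whenever the proposed redirect URI differs from the registered callback, and the finding names the registered value so the operator can see that only the host changed.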
Solution
The tokens for Bitbucket authentication were rotated again, both in the development and production environments, to restore proper access [3].
Conclusion
The platform is now working as expected for users logging in via Bitbucket. This incident highlights the importance of validating configuration changes before deploying to production, especially those related to authentication.
ROTATION_FAILURE < INCOMPLETE_PERSPECTIVE