dragouf / Stash-Reviewers-Chrome-Extension

This Chrome/Firefox extension allows you to define groups of reviewers in Atlassian Stash/Bitbucket and bulk-add them when creating or updating a pull request, plus other features.
MIT License
88 stars, 34 forks

[Exploitable Vulnerabilities Found in Your Chrome Extension Bitbucket Server Extension] #68

Closed mesolido closed 4 years ago

mesolido commented 4 years ago

Dear extension developer,

We are scientific researchers at CISPA in Germany. We are contacting you to disclose the results of a study we have performed on browser extensions.

We found that your browser extension Bitbucket Server Extension [https://chrome.google.com/webstore/detail/bitbucket-server-extensio/hlagecmhpppmpfdifmigdglnhcpnohib] presents the following vulnerability.

Your extension allows any webpage to make remote requests to any web server on behalf of the user, and retrieve sensitive information from there. In particular, if the user is logged into a sensitive website such as her mail provider, social network websites, bank websites or any website (Gmail, Twitter, Facebook, Instagram, etc.), any (malicious) webpage can use your extension to connect to those websites and retrieve sensitive information from them.

To summarize, your extension can be exploited by any (malicious) web page in order to affect the security and privacy of potentially sensitive data (websites data) of the users of your extension.

We have built a proof-of-concept, accessible at https://swag.cispa.saarland/extension_pocs/hlagecmhppbbc3q2fwvi/ where we explain and demonstrate how your extension is vulnerable, how attackers can exploit it, and what kind of sensitive user data it can leak to the attackers. Please feel free to contact us if you need more input from us regarding the proof-of-concept.

Finally, we would be very happy to hear back from you, in order to incorporate your feedback (anonymized) in our research paper. In particular, can you confirm the vulnerabilities? Have you/will you address them in the near future? Do you have further comments? Of course, be assured that we are not going to publicly release the exploits we are sharing with you.

Best regards, CISPA Researchers
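The report above describes a request proxy that any web page can drive. The following added example (not the extension's own code, and not the researchers' proof of concept) shows that shape beside a hardened handler that checks who is asking and where the request goes. It assumes the extension proxies requests through `chrome.runtime.onMessageExternal` and that the user has configured a single Stash/Bitbucket base URL; `STASH_BASE`, `isAllowedRequest` and both handler names are hypothetical.

```javascript
// Constructed placeholder for the user's configured Stash/Bitbucket instance.
const STASH_BASE = "https://stash.example.test";

// Vulnerable shape (assumed, as described in the report): any sender, any URL,
// fetched with the user's cookies and handed straight back to the caller.
function vulnerableHandler(msg, sender, sendResponse) {
  fetch(msg.url, { credentials: "include" })
    .then((r) => r.text())
    .then(sendResponse);
  return true; // keep the channel open for the async response
}

// Hardened policy: only the configured Stash origin may ask, and only for
// HTTPS URLs on that same origin. Relative URLs resolve against the base.
function isAllowedRequest(senderOrigin, targetUrl, base = STASH_BASE) {
  let baseUrl;
  let target;
  try {
    baseUrl = new URL(base);
    target = new URL(targetUrl, base);
  } catch {
    return false; // unparsable base or target
  }
  if (senderOrigin !== baseUrl.origin) return false; // untrusted page
  if (target.protocol !== "https:") return false; // no http:, javascript:, ...
  if (target.origin !== baseUrl.origin) return false; // no third-party sites
  return true;
}

// Hardened handler: derive the sender origin from the MessageSender and
// refuse anything the policy does not explicitly allow.
function hardenedHandler(msg, sender, sendResponse) {
  const senderOrigin =
    (sender && sender.origin) ||
    (sender && sender.url ? new URL(sender.url).origin : "");
  if (!msg || !isAllowedRequest(senderOrigin, msg.url)) {
    sendResponse({ error: "request not allowed" });
    return false;
  }
  fetch(new URL(msg.url, STASH_BASE).href, { credentials: "include" })
    .then((r) => r.text())
    .then((body) => sendResponse({ body }));
  return true;
}

// Register only when running inside an extension background context.
if (typeof chrome !== "undefined" && chrome.runtime && chrome.runtime.onMessageExternal) {
  chrome.runtime.onMessageExternal.addListener(hardenedHandler);
}
```

The `vulnerableHandler` is kept only for contrast; shipping code should register `hardenedHandler` and nothing else.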

mesolido commented 4 years ago

@dragouf do you mind saying a few words about this? If you want, I can also share my private email address for that.