EscalateAnonymous2LOFilter in Bitbucket Server
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
The purpose of EscalateAnonymous2LOFilter in Bitbucket
Environment
Bitbucket server and Datacenter
.
Diagnosis
Below message is seen in Bitbucket logs located at $BITBUCKET_HOME/logs in DEBUG mode -
<Date-Timestamp> DEBUG <thread_id> <request_id> <IP_address> "POST /rest/build-status/latest/commits/<commit_id> HTTP/1.1" c.a.s.i.r.p.EscalateAnonymous2LOFilter Escalating permissions to [LICENSED_USER] for anonymous 2LO REST call to AbstractSubResourceMethod(BuildStatusResource#addBuildStatus)"
Cause
Bitbucket integrations with Bamboo CI/CD server are authenticated through oAuth authentication. When integrations do not have necessary permissions, EscalateAnonymous2LOFilter gives the permissions to process the request. This privilege is given to limited services like
- Pull Requests Resource with Bamboo so that it could create build plans
- Build Status resource for Bamboo
- Code Insight resources
Solution
When the debug message is seen in Bitbucket logs, there is no security risk as the request is not coming from anonymous users but the authentication is happening between Bitbucket and Bamboo to process the request. The message can be safely ignored.