Researchers at cybersecurity firm Check Point discovered several vulnerabilities that could have been chained to take over Atlassian accounts or access a company’s Bitbucket-hosted source code. Atlassian patched the flaws before their details were made public.
The software development and collaboration tools made by Australia-based Atlassian are used by more than 150,000 organizations worldwide, which can make the company’s products a tempting target for malicious actors.
Check Point reported on Thursday that its researchers identified a series of vulnerabilities affecting several Atlassian applications connected through single sign-on (SSO). Impacted subdomains included jira.atlassian.com, confluence.atlassian.com, getsupport.atlassian.com, partners.atlassian.com, developer.atlassian.com, support.atlassian.com, and training.atlassian.com.
The exploit chain developed by the researchers involved cross-site scripting (XSS), cross-site request forgery (CSRF), bypassing SameSite protection, and bypassing HTTPOnly using cookie fixation.
In order to trigger the exploit chain and take control of an account, the attacker only needed to convince the targeted user to click on a malicious link.
Check Point researchers also showed how an attacker could have targeted Atlassian’s source code repository hosting service Bitbucket. An attacker who could trick a user into clicking on a malicious link could have stolen that user’s credentials.
“Accessing a company’s Bitbucket repositories could allow attackers to access and change source code, make it public or even plant backdoors,” the researchers warned.
Contacted by SecurityWeek, an Atlassian spokesperson said that based on the company’s investigation, the vulnerabilities impacted “a limited set of Atlassian-owned web applications as well as a third-party training platform.”
“Atlassian has shipped patches to address these issues and none of these vulnerabilities affected Atlassian Cloud (like Jira or Confluence Cloud) or on-premise products (like Jira Server or Confluence Server),” the company said.
Check Point has published a blog post detailing its findings, as well as a video showing the exploits in action.
Related: AESDDoS Botnet Targets Vulnerability in Atlassian’s Confluence Server
Related: Critical Vulnerability Addressed in Jira Service Desk
Related: JIRA Misconfiguration Leaks Data of Fortune 500 Companies
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Google Patches Third Chrome Zero-Day of 2023
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
Latest News
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
