Researchers at cybersecurity firm Check Point discovered several vulnerabilities that could have been chained to take over Atlassian accounts or access a company’s Bitbucket-hosted source code. Atlassian patched the flaws before their details were made public.
The software development and collaboration tools made by Australia-based Atlassian are used by more than 150,000 organizations worldwide, which can make the company’s products a tempting target for malicious actors.
Check Point reported on Thursday that its researchers identified a series of vulnerabilities affecting several Atlassian applications connected through single sign-on (SSO). Impacted subdomains included jira.atlassian.com, confluence.atlassian.com, getsupport.atlassian.com, partners.atlassian.com, developer.atlassian.com, support.atlassian.com, and training.atlassian.com.
The exploit chain developed by the researchers involved cross-site scripting (XSS), cross-site request forgery (CSRF), bypassing SameSite protection, and bypassing HTTPOnly using cookie fixation.
In order to trigger the exploit chain and take control of an account, the attacker only needed to convince the targeted user to click on a malicious link.
Check Point researchers also showed how an attacker could have targeted Atlassian’s source code repository hosting service Bitbucket. An attacker who could trick a user into clicking on a malicious link could have stolen that user’s credentials.
“Accessing a company’s Bitbucket repositories could allow attackers to access and change source code, make it public or even plant backdoors,” the researchers warned.
Contacted by SecurityWeek, an Atlassian spokesperson said that based on the company’s investigation, the vulnerabilities impacted “a limited set of Atlassian-owned web applications as well as a third-party training platform.”
“Atlassian has shipped patches to address these issues and none of these vulnerabilities affected Atlassian Cloud (like Jira or Confluence Cloud) or on-premise products (like Jira Server or Confluence Server),” the company said.
Check Point has published a blog post detailing its findings, as well as a video showing the exploits in action.
Related: AESDDoS Botnet Targets Vulnerability in Atlassian’s Confluence Server
Related: Critical Vulnerability Addressed in Jira Service Desk
Related: JIRA Misconfiguration Leaks Data of Fortune 500 Companies
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
Latest News
- Consolidate Vendors and Products for Better Security
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- North Korean Hackers Blamed for $35 Million Atomic Wallet Crypto Theft
- Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- BBC, British Airways, Novia Scotia Among First Big-Name Victims in Global Supply-Chain Hack
