Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Researchers Detail Exploit Chain for Hijacking Atlassian Accounts

Researchers at cybersecurity firm Check Point discovered several vulnerabilities that could have been chained to take over Atlassian accounts or access a company’s Bitbucket-hosted source code. Atlassian patched the flaws before their details were made public.

Researchers at cybersecurity firm Check Point discovered several vulnerabilities that could have been chained to take over Atlassian accounts or access a company’s Bitbucket-hosted source code. Atlassian patched the flaws before their details were made public.

The software development and collaboration tools made by Australia-based Atlassian are used by more than 150,000 organizations worldwide, which can make the company’s products a tempting target for malicious actors.

Check Point reported on Thursday that its researchers identified a series of vulnerabilities affecting several Atlassian applications connected through single sign-on (SSO). Impacted subdomains included jira.atlassian.com, confluence.atlassian.com, getsupport.atlassian.com, partners.atlassian.com, developer.atlassian.com, support.atlassian.com, and training.atlassian.com.

The exploit chain developed by the researchers involved cross-site scripting (XSS), cross-site request forgery (CSRF), bypassing SameSite protection, and bypassing HTTPOnly using cookie fixation.

In order to trigger the exploit chain and take control of an account, the attacker only needed to convince the targeted user to click on a malicious link.

Check Point researchers also showed how an attacker could have targeted Atlassian’s source code repository hosting service Bitbucket. An attacker who could trick a user into clicking on a malicious link could have stolen that user’s credentials.

“Accessing a company’s Bitbucket repositories could allow attackers to access and change source code, make it public or even plant backdoors,” the researchers warned.

Advertisement. Scroll to continue reading.

Contacted by SecurityWeek, an Atlassian spokesperson said that based on the company’s investigation, the vulnerabilities impacted “a limited set of Atlassian-owned web applications as well as a third-party training platform.”

“Atlassian has shipped patches to address these issues and none of these vulnerabilities affected Atlassian Cloud (like Jira or Confluence Cloud) or on-premise products (like Jira Server or Confluence Server),” the company said.

Check Point has published a blog post detailing its findings, as well as a video showing the exploits in action.

Related: AESDDoS Botnet Targets Vulnerability in Atlassian’s Confluence Server

Related: Critical Vulnerability Addressed in Jira Service Desk

Related: JIRA Misconfiguration Leaks Data of Fortune 500 Companies

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.