One-Click Exploit Might Have Let Attackers Hijack Any Atlassian Account



Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability.

“With just one click, an attacker could have used the flaws to get access to Atlassian’s publish Jira system and get sensitive information, such as security issues on Atlassian cloud, Bitbucket and on premise products,” Check Point Research said in an analysis shared with The Hacker News.


After the issues were reported to Atlassian on Jan. 8, 2021, the Australian company deployed a fix as part of its updates rolled out on May 18. The sub-domains affected by the flaws include:

  • jira.atlassian.com
  • confluence.atlassian.com
  • getsupport.atlassian.com
  • partners.atlassian.com
  • developer.atlassian.com
  • support.atlassian.com
  • training.atlassian.com

Successful exploitation of these flaws could result in a supply-chain attack wherein an adversary can take over an account, using it to perform unauthorized actions on behalf of the victim, edit Confluence pages, access Jira tickets, and even inject malicious implants to stage further attacks down the line.


The weaknesses hinge on the fact that Atlassian uses SSO to ensure seamless navigation between the aforementioned domains, thus creating a potential attack scenario that involves injecting malicious code into the platform using XSS and CSRF, followed by leveraging a session fixation flaw to hijack a valid user session and take control of an account.

In other words, an attacker can trick a user into clicking on a specially-crafted Atlassian link in order to execute a malicious payload that steals the user’s session, which can then be used by the bad actor to log in to the victim’s account and obtain sensitive information.
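The session fixation step described above, as an added Python sketch that is not Atlassian’s or Check Point’s code: a login handler that keeps whatever session id the browser presents, beside one that issues a fresh id after authentication, plus a host-only cookie so script on a sibling subdomain cannot plant one. The in-memory store, the function names and the `example.com` domain are constructed for illustration.

```python
import secrets


class SessionStore:
    """Constructed in-memory session store for illustration only."""

    def __init__(self):
        self.sessions = {}  # session_id -> {"user": username or None}

    def user_of(self, sid):
        entry = self.sessions.get(sid)
        return entry["user"] if entry else None


def login_fixation_prone(store, presented_sid, username):
    """Vulnerable pattern: the session id the browser presents, which an
    attacker may have planted via XSS/CSRF on a sibling subdomain, is
    promoted in place to an authenticated session, so the attacker's
    already-known id now resolves to the victim."""
    store.sessions.setdefault(presented_sid, {"user": None})
    store.sessions[presented_sid]["user"] = username
    return presented_sid


def login_hardened(store, presented_sid, username):
    """Hardened pattern: discard the pre-authentication session and issue a
    fresh, server-generated id only after credentials are verified."""
    store.sessions.pop(presented_sid, None)
    new_sid = secrets.token_urlsafe(32)
    store.sessions[new_sid] = {"user": username}
    return new_sid


def session_cookie(sid, host_only=True):
    """Set-Cookie value for the session id. A host-only cookie (no Domain
    attribute, __Host- prefix) cannot be written by script on a sibling
    subdomain; a Domain=example.com cookie can. example.com is a placeholder."""
    name = "__Host-session" if host_only else "session"
    attrs = ["Path=/", "Secure", "HttpOnly", "SameSite=Lax"]
    if not host_only:
        attrs.append("Domain=example.com")
    return f"{name}={sid}; " + "; ".join(attrs)


def simulate(login):
    """Attacker plants an id they know, victim logs in with it; return the
    user that planted id resolves to afterwards (None means fixation failed)."""
    store = SessionStore()
    planted = "attacker-known-id"  # constructed value
    login(store, planted, "victim")
    return store.user_of(planted)
```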


What’s more, armed with the Jira account, the attacker can proceed to gain control of a Bitbucket account by opening a Jira ticket embedded with a malicious link to a rogue website that, when clicked from an auto-generated email message, could be used to pilfer the credentials, effectively granting them permissions to access or modify source code, make the repository public, and even insert backdoors.

“Supply chain attacks have piqued our interest all year, ever since the SolarWinds incident. The platforms from Atlassian are central to an organization’s workflow,” said Oded Vanunu, head of products vulnerabilities research at Check Point. “An incredible amount of supply chain information flows through these applications, as well as engineering and project management.”

“In a world where distributed workforces increasingly depend on remote technologies, it’s imperative to ensure these technologies have the best defenses against malicious data extraction,” Vanunu added.
