Saturday, October 16, 2021

Vulnerabilities in Atlassian domains Could takeover Any Atlassian Account

Must Read

Cloudflare launches Page Shield For Magecart card skimming attacks

Cloudflare has launched new web security service to prevent Magecart-style attacks.Magecart is an umbrella term used to describe attacks...

Google Project Zero giving The 30-day grace period for user patch adoption

Google Project Zero will be shifting from a fairly hard 90-day deadline to a new model that incorporates a...

SolarWinds hackers downloaded Azure, Exchange, and Intune source code says Microsoft

Microsoft's security team said today it had officially completed its SolarWinds-related criminal investigation and found no evidence that hackers...

Vulnerabilities that could allow XSS, CSRF and one-click account takeovers in Atlassian subdomains have been patched.

Atlassian, a platform used by 180,000 customers to engineer software and manage projects, could have been hijacked with a single click due to security flaws.

Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability.

The vulnerabilities in question were found in several Atlassian-maintained websites, rather than on-prem or cloud-based Atlassian products.

After the issues were reported to Atlassian on Jan. 8, 2021, the Australian company deployed a fix as part of its updates rolled out on May 18. The sub-domains affected by the flaws include –

  • jira.atlassian.com
  • confluence.atlassian.com
  • getsupport.atlassian.com
  • partners.atlassian.com
  • developer.atlassian.com
  • support.atlassian.com
  • training.atlassian.com

CPR explained that exploit code utilizing the vulnerabilities in the subdomains could be deployed through a victim clicking on a malicious link. A payload would then be sent on behalf of the victim and a user session would be stolen.

The Content Security Policy (CSP) was configured “poorly” on this subdomain, the researchers explained, with “unsafe-inline” and “unsafe-eval” directives, which allow script execution. This made the subdomain “a perfect starting point” for research, they said. They were able to exploit the XSS bug to snag all the cookies and the local storage of the target.

“With just one click, an attacker could have used the flaws to take over accounts and control some of Atlassian’s applications, including Jira and Confluence,” the researchers said.

“Supply chain attacks have piqued our interest all year, ever since the SolarWinds incident. The platforms from Atlassian are central to an organization’s workflow,” said Oded Vanunu, head of products vulnerabilities research at Check Point. “An incredible amount of supply chain information flows through these applications, as well as engineering and project management.”

SolarWinds, too, is a prime example of how devastating a supply chain attack can be. Approximately 18,000 SolarWinds clients received a malicious SolarWinds Orion software update that planted a backdoor into their systems; however, the attackers cherry-picked a handful of victims for further compromise, including Microsoft, FireEye, and several federal agencies.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

Leave a reply

Please enter your comment!
Please enter your name here

Latest News

Unified endpoint management automation software to boost endpoint security

Endpoints are constantly connected to the internet, so they offer a gateway for cyberattacks. Endpoint security is simply the process...

Attackers Using Morse Code in phishing campaign to Evade Detection

Microsoft on Thursday revealed the techniques used by attackers to avoid detection using morse code in the phishing campaign.Microsoft also revealed the workings of...

Murata Manufacturing suffers data breach of employees and customer

Japanese electronic components manufacturer Murata has released an apology Notice for the data breach of thousands of files in June that contained bank account...

Everything about Signalling System 7(SS7)

Signaling System 7 (SS7) is an international telecommunication protocol standard that controls and regulates the network elements in a public switched telephone network (PSTN)....

Zimbra flaw lets attackers access the mail servers

Researchers discovered a flaw in the open-source Zimbra code. As a result, an attacker would gain unrestricted access to all sent and received emails...

More Articles Like This