Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability.
“With just one click, an attacker could have used the flaws to get access to Atlassian’s publish Jira system and get sensitive information, such as security issues on Atlassian cloud, Bitbucket and on premise products,” Check Point Research said in an analysis shared with The Hacker News.
After the issues were reported to Atlassian on Jan. 8, 2021, the Australian company deployed a fix as part of its updates rolled out on May 18. The sub-domains affected by the flaws include –
Successful exploitation of these flaws could result in a supply-chain attack whereby an adversary can take over an account, using it to perform unauthorized actions on behalf of the victim, edit Confluence pages, access Jira tickets, and even inject malicious implants to stage further attacks down the line.
The weaknesses hinge on the fact that Atlassian uses SSO to ensure seamless navigation between the aforementioned domains, thus creating a potential attack scenario that involves injecting malicious code into the platform using XSS and CSRF, followed by leveraging a session fixation flaw to hijack a valid user session and take control of an account.
In other words, an attacker can trick a user into clicking on a specially-crafted Atlassian link in order to execute a malicious payload that steals the user’s session, which can then be used by the bad actor to log in to the victim’s account and obtain sensitive information.
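The session fixation step in the chain above is worth seeing concretely. The following stdlib-only Python is an added, hypothetical model written for this page, not code from the original article, Check Point or Atlassian: `SessionStore`, `vulnerable_login`, `hardened_login` and the constructed session ids are all assumptions. The vulnerable flow authenticates whatever session id the browser already presents, so an id an attacker planted before login becomes a logged-in session they know. The hardened flow discards the pre-authentication id and issues a fresh server-generated one, and the cookie it sets carries the attributes that blunt the XSS (HttpOnly) and CSRF (SameSite) stages the article describes.

```python
"""Session fixation: a vulnerable login flow beside a hardened one.

Hypothetical in-memory model of a web session store (added example,
not Atlassian's or Check Point's code). No network, no framework.
"""
import secrets
from dataclasses import dataclass
from typing import Optional, Dict


@dataclass
class Session:
    user: Optional[str] = None  # None until the user authenticates


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def new_id(self) -> str:
        """Mint an unpredictable server-generated session id."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def adopt(self, sid: str) -> Session:
        """Accept a client-supplied id as-is (the fixation-friendly behaviour)."""
        return self._sessions.setdefault(sid, Session())

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def vulnerable_login(store: SessionStore, presented_sid: str, user: str) -> str:
    """Authenticates the session id the browser presented, even one the
    attacker planted (via a crafted link or a cookie set from a sibling
    sub-domain). The attacker already knows this id, so after the victim
    logs in it is a valid, authenticated session for the attacker too."""
    sess = store.adopt(presented_sid)
    sess.user = user
    return presented_sid


def hardened_login(store: SessionStore, presented_sid: str, user: str) -> str:
    """Rotates the session at the authentication boundary: the pre-auth id
    is invalidated and a fresh id, never seen by the client before, is
    bound to the authenticated user."""
    store.destroy(presented_sid)
    fresh = store.new_id()
    store.get(fresh).user = user
    return fresh


def session_cookie_header(sid: str) -> str:
    """Set-Cookie line for the fresh id. HttpOnly keeps injected script
    from reading it; SameSite=Lax blocks cross-site POSTs from carrying
    it; Secure keeps it off cleartext; no Domain attribute keeps it scoped
    to the issuing host rather than every sibling sub-domain."""
    return f"Set-Cookie: sid={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def whoami(store: SessionStore, sid: str) -> Optional[str]:
    sess = store.get(sid)
    return sess.user if sess else None


def demo_vulnerable() -> Optional[str]:
    store = SessionStore()
    planted = "attacker-chosen-id"          # constructed: id the attacker knows
    vulnerable_login(store, planted, "victim")  # victim logs in with planted id
    return whoami(store, planted)            # attacker's copy now maps to "victim"


def demo_hardened() -> tuple:
    store = SessionStore()
    planted = "attacker-chosen-id"          # constructed: same planted id
    victim_sid = hardened_login(store, planted, "victim")
    # Planted id is dead; only the fresh id (held by the victim) is authenticated.
    return whoami(store, planted), whoami(store, victim_sid)


if __name__ == "__main__":
    print("vulnerable: planted id resolves to", demo_vulnerable())
    print("hardened:   planted id resolves to %s, fresh id to %s" % demo_hardened())
    print(session_cookie_header(secrets.token_urlsafe(8)))
```

The detection angle follows from the same model: a session id that is first seen unauthenticated and later appears authenticated without ever having been rotated is the signature of fixation, and an application that logs session issuance can alert on exactly that transition.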
What’s more, armed with the Jira account, the attacker can proceed to take control of a Bitbucket account by opening a Jira ticket embedded with a malicious link to a rogue website that, when clicked from an auto-generated email message, could be used to pilfer the credentials, effectively granting them permissions to access or modify source code, make the repository public, or even insert backdoors.
“Supply chain attacks have piqued our interest all year, ever since the SolarWinds incident. The platforms from Atlassian are central to an organization’s workflow,” said Oded Vanunu, head of products vulnerabilities research at Check Point. “An incredible amount of supply chain information flows through these applications, as well as engineering and project management.”
“In a world where distributed workforces increasingly rely on remote technologies, it is imperative to ensure these technologies have the best defenses against malicious data extraction,” Vanunu added.