Atlassian Bugs Could Have Led to 1-Click Takeover
2021-06-24 10:00

On Thursday, Check Point Research published a report outlining how an attacker could have exploited the bugs to access Atlassian's Jira, a proprietary bug-tracking and agile project management tool.

CPR researchers said that with just one click, an attacker could have siphoned sensitive information out of Jira, such as "security issues on Atlassian cloud, Bitbucket and on-premise products."

Oded Vanunu, head of products vulnerabilities research at Check Point Software, was quoted in a release as saying that supply chain attacks "have piqued our interest all year, ever since the SolarWinds incident." He noted that Atlassian platforms are "central to an organization's workflow."

Exploiting Atlassian required, first off, finding a way to inject code into Atlassian.

The bugs would have enabled an attacker to pull off a laundry list of malicious activities, such as cross-site scripting attacks, cross-site request forgery attacks, or session fixation attacks.

The attacker logs on to the victim's Atlassian apps associated with the account, gaining all the sensitive information stored therein.


News URL

https://threatpost.com/atlassian-bugs-could-have-led-to-1-click-takeover/167203/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412