One-Click Exploit Could Have Let Attackers Hijack Any Atlassian Account
Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on capability.
"With just one click, an attacker could have used the flaws to get access to Atlassian's public Jira system and get sensitive information, such as security issues on Atlassian cloud, Bitbucket and on-premises products," Check Point Research said in an analysis shared with The Hacker News.
The weaknesses hinge on the fact that Atlassian uses SSO to provide seamless navigation between the aforementioned domains. That shared authentication creates a potential attack scenario: inject malicious code into the platform via XSS and CSRF, then leverage a session fixation flaw to hijack a valid user session and take control of an account.
In other words, an attacker can trick a user into clicking on a specially-crafted Atlassian link in order to execute a malicious payload that steals the user's session, which can then be used by the bad actor to log in to the victim's account and obtain sensitive information.
What's more, armed with the Jira account, the attacker can proceed to gain control of a Bitbucket account by opening a Jira ticket embedded with a malicious link to a rogue website that, when clicked from an auto-generated email message, could be used to pilfer the credentials, effectively granting them permissions to access or alter source code, make a repository public, or even insert backdoors.
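The chain described above relies on a session fixation weakness (an attacker-known session identifier that stays valid after the victim authenticates) combined with CSRF. The following is an added illustration, not code from Check Point Research or Atlassian, of the two standard server-side defences against that pattern: never honour a session identifier the server did not issue, and rotate the identifier at the login boundary so any pre-authentication identifier becomes worthless; a per-session CSRF token is compared in constant time. The `SessionStore` class and its method names are hypothetical and exist only for this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Session:
    sid: str
    user: Optional[str] = None
    # Per-session anti-CSRF token; must be echoed back on state-changing requests.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class SessionStore:
    """Hypothetical in-memory session store used only for this example."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def get_or_create(self, presented_sid: Optional[str]) -> Session:
        # Only a server-issued identifier is accepted. An identifier that
        # arrived via a crafted link or injected cookie is unknown here and is
        # silently replaced, so an attacker cannot pre-seed the victim's session.
        if presented_sid is not None and presented_sid in self._sessions:
            return self._sessions[presented_sid]
        fresh = Session(sid=secrets.token_urlsafe(32))
        self._sessions[fresh.sid] = fresh
        return fresh

    def login(self, pre_auth: Session, username: str) -> Session:
        # Rotate the identifier at the privilege boundary: the pre-login id is
        # invalidated, so even a leaked or fixated id never becomes authenticated.
        self._sessions.pop(pre_auth.sid, None)
        authed = Session(sid=secrets.token_urlsafe(32), user=username)
        self._sessions[authed.sid] = authed
        return authed

    def lookup(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)


def check_csrf(session: Session, submitted_token: str) -> bool:
    """Constant-time comparison of the submitted token with the session's token."""
    return hmac.compare_digest(session.csrf_token, submitted_token)


def demo() -> dict:
    """Walk through a fixation attempt against the store and report the outcome."""
    store = SessionStore()
    # Constructed input: an identifier the attacker planted and therefore knows.
    attacker_known_sid = "attacker-chosen-session-id"
    pre = store.get_or_create(attacker_known_sid)
    post = store.login(pre, "alice")
    return {
        "planted_id_honoured": pre.sid == attacker_known_sid,
        "pre_login_id_still_valid": store.lookup(pre.sid) is not None,
        "planted_id_valid_after_login": store.lookup(attacker_known_sid) is not None,
        "authenticated_user": store.lookup(post.sid).user,
        "csrf_with_correct_token": check_csrf(post, post.csrf_token),
        "csrf_with_wrong_token": check_csrf(post, "not-the-token"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the rotation step is that the attacker's only leverage in a fixation attack is knowing an identifier ahead of time; if that identifier is discarded when the victim authenticates, the knowledge buys nothing. Real deployments pair this with `Secure`, `HttpOnly` and `SameSite` cookie attributes so the identifier is harder to plant or read in the first place.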
"Supply chain attacks have piqued our interest all year, ever since the SolarWinds incident. The platforms from Atlassian are central to an organization's workflow," said Oded Vanunu, head of products vulnerabilities research at Check Point.
Source: http://feedproxy.google.com/~r/TheHackersNews/~3/fGaE9gtQbcQ/one-click-exploit-could-have-let.html