Security News > 2021 > June > Researchers Detail Exploit Chain for Hijacking Atlassian Accounts

Researchers Detail Exploit Chain for Hijacking Atlassian Accounts
2021-06-25 08:45

Researchers at cybersecurity firm Check Point discovered several vulnerabilities that could have been chained to take over Atlassian accounts or access a company's Bitbucket-hosted source code.

The software development and collaboration tools made by Australia-based Atlassian are used by more than 150,000 organizations worldwide, which can make the company's products a tempting target for malicious actors.

Check Point reported on Thursday that its researchers identified a series of vulnerabilities affecting several Atlassian applications connected through single sign-on.

The exploit chain developed by the researchers involved cross-site scripting, cross-site request forgery, bypassing SameSite protection, and bypassing HTTPOnly using cookie fixation.

Check Point researchers also showed how an attacker could have targeted Atlassian's source code repository hosting service Bitbucket.

"Atlassian has shipped patches to address these issues and none of these vulnerabilities affected Atlassian Cloud or on-premise products," the company said.


News URL

http://feedproxy.google.com/~r/securityweek/~3/yg8ZAM8zw5A/researchers-detail-exploit-chain-hijacking-atlassian-accounts

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 3 259 104 46 412