On Wednesday 23rd of June, cyber-security experts uncovered key vulnerabilities in the Atlassian project and software development platform that might have been exploited to take over the account and control certain apps connected via its single sign-on (SSO) capabilities.
The vulnerabilities are due to Atlassian using SSO to ensure the uninterrupted navigation of the above-mentioned domains, thereby attempting to create a possible attack scenario involving the use of XSS and CSRF to inject malicious code into the portal and leveraging a session fixation error in the event of a valid user session. Though these vulnerabilities have been patched.
On January 08, 2021, the Australian company delivered a patch for its upgrades, after Atlassian was notified of the problem. The issues in the sub-domains include –
jira.atlassian.com
confluence.atlassian.com
getsupport.atlassian.com
partners.atlassian.com
developer.atlassian.com
support.atlassian.com
training.atlassian.com
"With just one click, an attacker could have used the flaws to get access to Atlassian's to publish Jira system and get sensitive information, such as security issues on Atlassian cloud, Bitbucket, and on-premise products," Check Point Research stated.
The appropriate exploitation of such vulnerabilities could escalate to an attack through a supply chain where the attacker can take over an account, take illegal measures on behalf of the victim, modify pages of Confluence, access Jira tickets, and even inject malicious implants to perpetrate further attacks.
In other words, an attacker can deceive a user by clicking an Atlassian link that has been created to carry out a malicious payload, which can be utilized by the wrong player to log into the victim's account and gain confidential information.
Moreover, the attacker can regulate a Bitbucket account with a Jira account by opening a Jira ticket that is incorporated with a malicious link to a rogue site which, when clicking on a message autogenerated by an e-mail, can be used to remove the credentials, essentially give them the authorization to access or modify the source code, make the repository publicly accessible or even insert the backdoors.
"Supply chain attacks have piqued our interest all year, ever since the SolarWinds incident. The platforms from Atlassian are central to an organization's workflow," said Oded Vanunu, head of products vulnerabilities research at Check Point. "An incredible amount of supply chain information flows through these applications, as well as engineering and project management."