Home Source code Vulnerability chain allowed Atlassian account hijacking – security

Vulnerability chain allowed Atlassian account hijacking – security

0


Atlassian has remedied a chain of vulnerabilities disclosed to the Australian provider of collaborative software, which could be used to support accounts and control applications on its domains.

Security provider Check Point Software was able to bypass Atlassian Single Sign-On (SSO) safeguards, such as Content Security Policy in Web Browsers and Cookies marked SameSite Strict and HTTPOnly with restrictions access.

Check Point discovered that the CSP for the training.atlassian.com subdomain was misconfigured and allowed the script to run.

By combining cross-site scripting and request forgery (XSS and CSRF), researchers were able to inject malicious payload into the basket of Atlassian training sites, which allowed them to perform actions as the target user. .

To obtain the user’s session cookie, Check Point researchers deployed a cookie-fixing attack.

This forced the use of a cookie known to the attacker, and which authenticated and in turn bypassed the HTTPOnly restriction and allowed the account to be hacked.

From the Atlassian training site, researchers were able to switch to accounts on Jira, Confluence and other subdomains operated by the Australian provider.

Researchers were also able to use the hacked Jira account to break into Bitbucket code repositories.

A supply chain attack that accesses an organization’s Bitbucket repository is particularly dangerous because it could lead to the implantation of corrupted source code to spread malware or backdoors.


LEAVE A REPLY

Please enter your comment!
Please enter your name here