Atlassian has fixed a chain of vulnerabilities, disclosed to the Australian collaboration software vendor, that could have been used to take over accounts and control applications on its domains.
Security vendor Check Point Software was able to bypass the protective measures around Atlassian's Single Sign-On (SSO) system, including the Content Security Policy (CSP) enforced by web browsers and the access restrictions of cookies marked SameSite=Strict and HttpOnly.
Check Point found that the CSP of the training.atlassian.com subdomain was configured improperly and allowed script execution.
By combining cross-site scripting and cross-site request forgery (XSS and CSRF), the researchers were able to inject a malicious payload into the shopping cart of the Atlassian training site, which allowed them to perform actions as the target user. Because the training subdomain is same-site with the rest of atlassian.com, SameSite=Strict cookies offered no protection against requests forged from there.
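To make "configured improperly and allowed script execution" concrete, the following is an added example (it is not code from the article, from Check Point or from Atlassian) that audits a Content-Security-Policy header for the conditions under which an injected script still runs: a missing script-src/default-src, 'unsafe-inline' without a nonce or hash, wildcard or scheme-only sources, and 'unsafe-eval'. The header strings in the block are constructed samples, not Atlassian's actual policy.

```python
"""Audit whether a Content-Security-Policy header actually prevents injected script from running.

Added example for this article; the sample policies below are constructed, not Atlassian's.
"""


def parse_csp(header):
    """Parse a CSP header into {directive_name: [source, ...]} (directive names lower-cased).

    Per the CSP spec, a repeated directive is ignored, so the first occurrence wins.
    """
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_script_sources(policy):
    """script-src falls back to default-src; with neither present, scripts may load from anywhere."""
    if "script-src" in policy:
        return policy["script-src"]
    if "default-src" in policy:
        return policy["default-src"]
    return None


def script_csp_findings(header):
    """Return a list of reasons this policy still lets attacker-controlled script execute (empty if none)."""
    sources = effective_script_sources(parse_csp(header))
    if sources is None:
        return ["no script-src or default-src: scripts from any origin may run"]

    lowered = [s.lower() for s in sources]
    findings = []

    # CSP2+ browsers ignore 'unsafe-inline' as soon as a nonce or hash source is present.
    has_nonce_or_hash = any(s.startswith("'nonce-") or s.startswith("'sha") for s in lowered)
    if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
        findings.append("'unsafe-inline' without nonce/hash: injected <script> blocks and event handlers execute")

    # With 'strict-dynamic' the host and scheme allowlist is ignored, so only check it otherwise.
    if "'strict-dynamic'" not in lowered:
        for s in lowered:
            if s == "*":
                findings.append("wildcard '*' allows scripts from any origin")
            elif s in ("http:", "https:", "data:", "blob:"):
                findings.append(f"scheme source {s} allows scripts from any host using that scheme")
            elif s.startswith("*."):
                findings.append(f"{s} allows scripts from every subdomain, including any an attacker can control")

    if "'unsafe-eval'" in lowered:
        findings.append("'unsafe-eval' lets injected strings reach eval()/Function()")
    return findings


# Constructed sample headers (not taken from any real site).
LOOSE_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' *.example.com; object-src 'none'"
STRICT_POLICY = "script-src 'nonce-r4nd0m' 'strict-dynamic' 'unsafe-inline' https:; object-src 'none'; base-uri 'none'"
NO_SCRIPT_DIRECTIVE = "img-src 'self'; style-src 'self'"

if __name__ == "__main__":
    for name, header in [("loose", LOOSE_POLICY), ("strict", STRICT_POLICY), ("no-script", NO_SCRIPT_DIRECTIVE)]:
        print(name, "->", script_csp_findings(header) or ["no script-execution findings"])
```

The strict sample shows why a nonce plus 'strict-dynamic' is the usual hardening target: the same 'unsafe-inline' and https: tokens that are dangerous on their own become inert fallbacks for old browsers once a nonce is present.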
To obtain an authenticated session for the user, the Check Point researchers deployed a cookie fixation attack.
This forced the victim's browser to use a session cookie whose value the attacker already knew; once the victim logged in, that session became authenticated. Because the attacker only needs to plant the cookie and never to read it, the HttpOnly restriction was bypassed and the account could be hijacked.
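The attack in the two paragraphs above, played end to end against a minimal cookie-session backend, as an added example (not code from the article, from Check Point or from Atlassian). The server, the victim's cookie jar and the credential check are constructed stand-ins; the point is the difference between a server that keeps the pre-login session id and one that issues a fresh id at login.

```python
"""Model of the cookie fixation attack and of the server-side fix (session id rotation at login).

Added example for this article. Server, cookie jar and credentials are constructed.
"""
import secrets


class SessionServer:
    """Minimal session backend. rotate_on_login=False reproduces the fixation-prone design."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> authenticated username, None while anonymous

    def anonymous_session(self):
        """Issue an anonymous session id, as servers do on a first visit (the attacker gets one too)."""
        sid = secrets.token_urlsafe(24)
        self.sessions[sid] = None
        return sid

    def login(self, presented_sid, username, password):
        """Authenticate the user and return the session id the Set-Cookie response should carry."""
        if presented_sid not in self.sessions:
            # Strict handling: never adopt an id the server did not issue itself.
            presented_sid = self.anonymous_session()
        if not self._check_password(username, password):
            return presented_sid
        if self.rotate_on_login:
            # The fix: destroy the pre-auth id (which an attacker may have planted) and bind
            # the authenticated user to a brand-new id the attacker cannot know.
            del self.sessions[presented_sid]
            presented_sid = secrets.token_urlsafe(24)
        self.sessions[presented_sid] = username
        return presented_sid

    def whoami(self, presented_sid):
        """Resolve a presented cookie to a user, or None if unknown/anonymous."""
        return self.sessions.get(presented_sid)

    @staticmethod
    def _check_password(username, password):
        # Constructed credential check standing in for the real identity provider.
        return password == "correct-horse"


def run_fixation_attack(rotate_on_login):
    """Run the attack and return the user the attacker's planted session id resolves to afterwards."""
    server = SessionServer(rotate_on_login)
    # 1. The attacker obtains a valid anonymous session id from the server.
    attacker_sid = server.anonymous_session()
    # 2. Via script execution on a sibling subdomain, the attacker plants that id as the
    #    victim's session cookie. Writing a cookie needs no read access, so HttpOnly does not
    #    interfere. Modelled here as the victim's cookie jar.
    victim_cookie_jar = {"session": attacker_sid}
    # 3. The victim logs in; the browser sends the planted cookie with the login request.
    victim_cookie_jar["session"] = server.login(victim_cookie_jar["session"], "victim", "correct-horse")
    # 4. The attacker replays the id they planted.
    return server.whoami(attacker_sid)


if __name__ == "__main__":
    print("without rotation, attacker's cookie is:", run_fixation_attack(rotate_on_login=False))
    print("with rotation, attacker's cookie is:", run_fixation_attack(rotate_on_login=True))
```

Rotation at the authentication boundary is the control that breaks this chain regardless of how the cookie was planted; rejecting unissued ids (the strict branch in `login`) closes the variant in which the attacker invents an id rather than obtaining one from the server.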
From the Atlassian training site, the researchers were able to pivot to accounts on Jira, Confluence, and other subdomains operated by the Australian vendor.
The researchers were also able to use the hijacked Jira account to break into Bitbucket code repositories.
A supply-chain attack that reaches an organisation's Bitbucket repository is particularly dangerous, as it could lead to altered source code being implanted to distribute malware or backdoors.