Atlassian has fixed a chain of vulnerabilities disclosed to the Australian collaboration software vendor that could have been used to take over accounts and control applications on its domains.
Security vendor Check Point Software was able to bypass protective measures for Atlassian's Single Sign-On (SSO) system, such as Content Security Policy (CSP) in web browsers and cookies marked SameSite Strict and HTTPOnly with access restrictions.
Check Point found that the training.atlassian.com subdomain's CSP was configured improperly and allowed script execution.
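As an added defensive illustration (not code from Check Point or Atlassian), the following Python audit flags script sources in a CSP header that would still let an injected payload run, the kind of misconfiguration described for the training subdomain; the policy strings are constructed samples, not the real header.

```python
"""Audit a Content-Security-Policy header for script sources that would
still let injected script execute.  Added example; the sample policies
below are constructed, not the real Atlassian header."""

SCHEME_AND_HOST_WILDCARDS = {"*", "data:", "http:", "https:"}
# Script sources that effectively defeat the policy against XSS.
PERMISSIVE_SOURCES = SCHEME_AND_HOST_WILDCARDS | {"'unsafe-inline'", "'unsafe-eval'"}
NONCE_OR_HASH = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [sources]}; a repeated directive
    is ignored after its first occurrence, which is how browsers treat it."""
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def csp_findings(header: str) -> list[str]:
    """Return the reasons this policy would not block injected script,
    or [] when script execution is properly restricted."""
    policy = parse_csp(header)
    if "script-src" not in policy and "default-src" not in policy:
        return ["no script-src or default-src: any inline or remote script may run"]
    # script-src falls back to default-src when it is absent.
    sources = policy.get("script-src", policy.get("default-src", []))
    has_nonce_or_hash = any(s.startswith(NONCE_OR_HASH) for s in sources)
    strict_dynamic = "'strict-dynamic'" in sources and has_nonce_or_hash
    findings = []
    for src in sources:
        if src == "'unsafe-inline'" and has_nonce_or_hash:
            continue  # browsers ignore 'unsafe-inline' once a nonce or hash is present
        if src in SCHEME_AND_HOST_WILDCARDS and strict_dynamic:
            continue  # 'strict-dynamic' makes browsers ignore scheme and host allowlists
        if src in PERMISSIVE_SOURCES:
            findings.append(f"{src} in script sources allows attacker-controlled script execution")
    return findings


# Constructed sample headers: one permissive, one hardened.
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'none'"
HARDENED_CSP = ("default-src 'self'; script-src 'nonce-r4nd0m' 'strict-dynamic'; "
                "object-src 'none'; base-uri 'none'")

if __name__ == "__main__":
    for label, csp in (("weak", WEAK_CSP), ("hardened", HARDENED_CSP)):
        print(label, csp_findings(csp) or ["ok"])
```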
By combining cross-site scripting and cross-site request forgery (XSS and CSRF), researchers were able to inject a malicious payload into the Atlassian training site's shopping cart, which allowed them to perform actions as the target user.
To obtain the user's session cookie, the Check Point researchers deployed a cookie fixation attack.
This forced the use of a cookie known to the attacker, which then became authenticated and in turn bypassed the HTTPOnly restriction and allowed the account hijacking.
From the Atlassian training site, the researchers were able to pivot to accounts on Jira, Confluence, and other subdomains operated by the Australian vendor.
The researchers were also able to use the hijacked Jira account to break into Bitbucket code repositories.
A supply-chain attack that reaches an organisation's Bitbucket repository is especially dangerous, as it could lead to altered source code being implanted to distribute malware or backdoors.