Check Point security vulnerabilities in Atlassian

Check Point Research (CPR) identified security gaps in Atlassian, a collaboration and productivity platform used by 180,000 customers worldwide.

With a single click, an attacker could have used these vulnerabilities to take over accounts and control some Atlassian applications, including Jira and Confluence.


Jira is a leading software development tool used by more than 65,000 customers, including Visa, Cisco and Pfizer.

Confluence is a remote-friendly team workspace used by more than 60,000 customers, including LinkedIn, NASA and the New York Times.

Bitbucket is a Git-based source code hosting service. All of these products could be abused in a supply chain attack to target Atlassian partners and customers.

It is worth noting that the vulnerabilities affected several Atlassian websites that support its customers and partners. They do not affect Atlassian's cloud-based or on-premise products.

Account Takeover

CPR demonstrated that account takeover was possible on Atlassian accounts. The vulnerable subdomains were:

Security Gaps

The vulnerabilities would have allowed an attacker to carry out several malicious activities:

  • Cross-Site Scripting (XSS) attacks: malicious scripts are injected into websites and applications so that they execute on the end user's device.
  • Cross-Site Request Forgery (CSRF) attacks: the attacker induces users to perform actions they did not intend to perform.
  • Session fixation attacks: the attacker hijacks the session between the client and the web server by getting the user to log in with a session the attacker already controls.
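The three attack classes above are each countered by a specific server-side control: a fresh session id on login (session fixation), a per-session token that a cross-site request cannot supply (CSRF), and cookie attributes that keep injected script from reading the session id (XSS). The following is an added, constructed example written for this article; it is not Atlassian's code, nor CPR's, and the `SessionStore` class, its methods and the sample user names are assumptions made for illustration. It replays the fixation and forged-request scenarios against a minimal in-memory session store and shows that both are blocked.

```python
import hmac
import secrets
from typing import Dict, Optional


def _new_id() -> str:
    """Unpredictable 256-bit session id or CSRF token."""
    return secrets.token_urlsafe(32)


class SessionStore:
    """Minimal in-memory session store (constructed example, not Atlassian code)."""

    def __init__(self) -> None:
        # session id -> {"user": username or None, "csrf": per-session token}
        self.sessions: Dict[str, dict] = {}

    def new_anonymous(self) -> str:
        """Issue a pre-login session, e.g. for rendering a login form."""
        sid = _new_id()
        self.sessions[sid] = {"user": None, "csrf": _new_id()}
        return sid

    def login(self, presented_sid: Optional[str], username: str) -> str:
        """Authenticate and return a FRESH session id.

        Session fixation defence: the id the client presented (which an attacker
        may have planted) is discarded rather than upgraded, so knowing the old
        id gains the attacker nothing once the victim logs in.
        """
        if presented_sid is not None:
            self.sessions.pop(presented_sid, None)
        sid = _new_id()
        self.sessions[sid] = {"user": username, "csrf": _new_id()}
        return sid

    def user_for(self, sid: str) -> Optional[str]:
        sess = self.sessions.get(sid)
        return sess["user"] if sess else None

    def csrf_token_for(self, sid: str) -> Optional[str]:
        sess = self.sessions.get(sid)
        return sess["csrf"] if sess else None

    def authorize_state_change(self, sid: str, submitted_csrf: Optional[str]) -> bool:
        """Gate for any state-changing request (editing a ticket, a wiki page, ...).

        CSRF defence: the browser attaches the session cookie automatically, so a
        forged cross-site request carries a valid sid but cannot read or supply
        the per-session token. Both must be present and match.
        """
        sess = self.sessions.get(sid)
        if sess is None or sess["user"] is None or not isinstance(submitted_csrf, str):
            return False
        # Constant-time comparison; compare as bytes so non-ASCII input cannot raise.
        return hmac.compare_digest(sess["csrf"].encode(), submitted_csrf.encode())


def session_cookie_header(sid: str) -> str:
    """Set-Cookie value: HttpOnly keeps script (XSS) from reading the id,
    SameSite=Lax stops the browser attaching it to cross-site POSTs,
    Secure confines it to HTTPS."""
    return f"session={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


def fixation_attempt_is_blocked(store: Optional[SessionStore] = None) -> bool:
    """Replay the fixation scenario: an id is planted, the victim logs in with it."""
    store = store or SessionStore()
    planted = store.new_anonymous()              # id an attacker could have planted in the victim's browser
    victim_sid = store.login(planted, "victim")  # victim authenticates while presenting the planted id
    # The planted id must now be dead and must never resolve to the victim.
    return (planted not in store.sessions
            and store.user_for(planted) is None
            and store.user_for(victim_sid) == "victim")


def forged_request_is_blocked(store: Optional[SessionStore] = None) -> bool:
    """Replay the CSRF scenario: cookie present, token absent or guessed."""
    store = store or SessionStore()
    sid = store.login(None, "victim")
    genuine = store.authorize_state_change(sid, store.csrf_token_for(sid))
    forged_missing = store.authorize_state_change(sid, None)
    forged_guess = store.authorize_state_change(sid, "0" * 43)
    return genuine and not forged_missing and not forged_guess


if __name__ == "__main__":
    print("fixation blocked:", fixation_attempt_is_blocked())
    print("forged request blocked:", forged_request_is_blocked())
```

The design point is that none of these controls depends on detecting the attacker: the login handler never trusts a presented id, the state-change handler never trusts the cookie alone, and the cookie attributes are set unconditionally. Any one of them missing is enough to leave one of the three classes open, which is why they are checked together here.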

In other words, an attacker could have used the vulnerabilities identified by CPR to take control of the victim's account, act on their behalf, and gain access to Jira tickets. An attacker could also have edited a company's Confluence wiki or viewed tickets on GetSupport.

The attacker could also go a step further and obtain personal information. All of this could have been achieved with a single click.

Attack Methodology

To exploit the vulnerabilities, an attacker's sequence of actions would be as follows:

  1. The attacker entices the victim to click on a crafted link (appearing to come from the Atlassian domain), whether on social media, in a fake email, in a messaging app, etc.
  2. When the link is clicked, the payload sends a request from the victim to the Atlassian platform, which executes the attack and steals the user's login.
  3. The attacker logs in to the Atlassian applications associated with the victim's account, obtaining all the sensitive information stored there.

Responsible Disclosure

CPR responsibly disclosed its findings to Atlassian on January 8, 2021. Atlassian stated that it made repairs on May 18, 2021.

Statement by Oded Vanunu, Head of Products Vulnerabilities Research at Check Point Software:

“Supply chain attacks have held our interest throughout the year, especially after the SolarWinds incident. Atlassian's platforms are central to an organization's workflow. An incredible amount of supply chain information flows through these applications, as well as project management. We therefore began asking a somewhat worrying question: what information could a malicious user obtain if they gained access to a Jira or Confluence account? Our curiosity led us to examine the Atlassian platform, where we found security gaps. In a world where the workforce depends more and more on remote technologies, it is imperative to ensure that these technologies have the best defense against . We hope our latest research will help organizations become more aware of supply chain attacks.”


Written by newsbot
