Specialists from Check Point Research announced the reporting and remediation of multiple vulnerabilities in Atlassian subdomains whose exploitation would have allowed cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. These flaws were found in the web domains of this provider, which has thousands of enterprise customers.
Atlassian is an Australian firm that provides project management tools such as Jira and Confluence, a platform for sharing documents remotely. The flaws were detected on various websites operated by Atlassian, in on-premises products and cloud deployments.
According to Check Point experts, the flaws make these subdomains vulnerable to account takeover attacks, and exploitation requires only that the victim click a specially crafted link. That link delivers a payload to the victim's browser which completes the hijacking of the affected account.
Among the problems found in the affected domains are Content Security Policy (CSP) misconfigurations, parameters vulnerable to XSS, and a weakness that allowed attackers to set cookies and thereby force the victim's browser to use attacker-supplied session cookies for authentication.
The report states that accounts reachable through these subdomains could be taken over via XSS and CSRF attacks. Abuse of the vulnerable domains would also allow threat actors to compromise the session between the client and the web server once a user logs into their account: “A single click is enough to take control of compromised accounts and linked Atlassian solutions,” the security report says.
Atlassian received a detailed report of the flaws in January 2021; the company fixed the bugs in May, and the researchers published their findings once the customary responsible-disclosure deadline had passed.
Check Point conducted this research in response to ongoing supply chain attacks, in which threat actors target a centralized resource used by many other companies. As the SolarWinds incident showed, such attacks can have devastating consequences for hundreds or even thousands of downstream companies.
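The three weakness classes named above (a permissive CSP, XSS-reachable parameters, and session cookies an attacker can set or replay) are the kind of thing a defender can check for directly in a server's response headers. The following audit script is an added example written for this article; it is not code from Check Point Research or Atlassian, and the two sets of response headers it inspects are constructed samples, not captured from any Atlassian domain. It flags CSP settings that would let an injected script run and Set-Cookie attributes whose absence exposes a session to XSS theft, CSRF, or overwriting from a sibling subdomain.

```python
"""Audit HTTP response headers for CSP and session-cookie weaknesses.

Added example with constructed sample headers; not the vendor's code.
"""
from typing import Dict, List


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    directives: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def audit_csp(policy: str) -> List[str]:
    """Return findings for CSP settings that leave injected scripts executable."""
    if not policy.strip():
        return ["no Content-Security-Policy: nothing restricts injected scripts"]
    csp = parse_csp(policy)
    # script-src falls back to default-src when it is not set explicitly.
    sources = csp.get("script-src", csp.get("default-src"))
    if sources is None:
        return ["neither script-src nor default-src set: script origins unrestricted"]
    findings: List[str] = []
    # A nonce or hash source makes browsers ignore 'unsafe-inline' (CSP Level 2+).
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources
    )
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        findings.append("script-src allows 'unsafe-inline' with no nonce/hash: reflected XSS executes")
    if "'unsafe-eval'" in sources:
        findings.append("script-src allows 'unsafe-eval': string-to-code sinks are not blocked")
    for s in sources:
        # A bare wildcard or scheme-only source admits scripts from any host.
        if s == "*" or s in ("https:", "http:"):
            findings.append(f"script-src contains {s}: scripts may load from any host")
    return findings


def audit_set_cookie(header: str) -> List[str]:
    """Return findings for a Set-Cookie value that weakens session handling."""
    name_value, *attr_parts = header.split(";")
    name = name_value.split("=", 1)[0].strip()
    attrs = {a.strip().split("=", 1)[0].lower() for a in attr_parts if a.strip()}
    findings: List[str] = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure, cookie may be sent over plaintext HTTP")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly, readable by script injected via XSS")
    if "samesite" not in attrs:
        findings.append(f"{name}: missing SameSite, sent along with cross-site (CSRF) requests")
    if not name.startswith("__Host-"):
        # __Host- cookies are rejected unless Secure, Path=/ and no Domain attribute,
        # so a sibling subdomain cannot plant a same-named cookie for the parent domain.
        findings.append(f"{name}: no __Host- prefix, a sibling subdomain can set a cookie of this name")
    return findings


def audit_response(headers: Dict[str, str]) -> List[str]:
    """Combine the CSP and cookie audits for one response's headers."""
    findings = audit_csp(headers.get("Content-Security-Policy", ""))
    if "Set-Cookie" in headers:
        findings += audit_set_cookie(headers["Set-Cookie"])
    return findings


# Constructed samples: a weak configuration and its hardened counterpart.
WEAK_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https:",
    "Set-Cookie": "session=abc123; Path=/",
}
HARDENED_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; object-src 'none'",
    "Set-Cookie": "__Host-session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
}

if __name__ == "__main__":
    for label, headers in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"[{label}]")
        for finding in audit_response(headers) or ["no findings"]:
            print("  -", finding)
```

The weak sample produces six findings (two for the policy, four for the cookie), the hardened one none. Run against real headers, the same functions give a quick first pass over exactly the header-level conditions the report describes; they do not detect XSS-reachable parameters themselves, which requires testing the application's inputs.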
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.