Search results for Atlassian | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers on Wednesday disclosed critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on ( SSO ) capability. "With just one click, an attacker could have used the flaws to get access to Atlassian's publish Jira system and get sensitive information, such as security issues on Atlassian cloud, Bitbucket and on premise products," Check Point Research said in an analysis shared with The Hacker News. After the issues were reported to Atlassian on Jan. 8, 2021, the Australian company deployed a fix as part of its  updates  rolled out on  May 18 . The sub-domains affected by the flaws include -  jira.atlassian.com confluence.atlassian.com getsupport.atlassian.com partners.atlassian.com developer.atlassian.com support.atlassian.com training.atlassian.com Successful exploitation of these flaws could result in a supp...

Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team collaboration platform Confluence are all considered to be proven agile tools. Considering how popular agile has become, it's no wonder Atlassian now serves 83 percent of Fortune 500 companies and has over 10 million active users worldwide. To help create a better experience for these users,  Alpha Serve  has developed WebAuthn add-ons to bring passwordless authentication to various Atlassian products. Having a more convenient and secure way to login to their Atlassian instances should be a welcome development for development teams. How WebAuthn Works WebAuthn is a browser-based security standard recommended by World Wide Web Consortium (W3C) that allows web apps to si...

The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and vulnerabilities in third-party app integrations demonstrate the complex security challenges facing IT systems. In the case of Midnight Blizzard, password spraying against a test environment was the initial attack vector. For Cloudflare-Atlassian, threat actors initiated the attack via compromised  OAuth tokens  from a prior breach at Okta, a SaaS identity security provider.  What Exactly Happened? Microsoft Midnight Blizzard Breach Microsoft was targeted by the Russian "Midnight Blizzard" hackers (also known as Nobelium, APT29, or Cozy Bear) who are linked to the SVR, the Kremlin's forei...

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild. The Australian software company credited cybersecurity firm Volexity for identifying the flaw, which is being tracked as  CVE-2022-26134 . "Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server," it  said  in an advisory. "There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix." Specifics of the security flaw have been withheld until a software patch is available. All supported versions of Confluence Server and Data Center are affected, although it's expected that all versions of the enterprise solution are potentially vulnerable. The earliest impacted version is ...

Cybersecurity researchers have discovered a stealthy backdoor named  Effluence  that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response Services  said  in an analysis published earlier this week. "The backdoor provides capability for lateral movement to other network resources in addition to exfiltration of data from Confluence. Importantly, attackers can access the backdoor remotely without authenticating to Confluence." The attack chain documented by the cybersecurity entity entailed the exploitation of  CVE-2023-22515  (CVSS score: 10.0), a critical bug in Atlassian that could be abused to create unauthorized Confluence administrator accounts and access Confluence servers. Atlassian has since disclosed a second flaw known as...

Atlassian has released fixes to contain an actively exploited critical zero-day flaw impacting publicly accessible Confluence Data Center and Server instances. The vulnerability, tracked as  CVE-2023-22515 , is remotely exploitable and allows external attackers to create unauthorized Confluence administrator accounts and access Confluence servers. It does not impact Confluence versions prior to 8.0.0. Confluence sites accessed via an atlassian.net domain are also not vulnerable to this issue. The enterprise software services provider  said  it was made aware of the issue by "a handful of customers." It has been addressed in the following versions of Confluence Data Center and Server - 8.3.3 or later 8.4.3 or later, and 8.5.2 (Long Term Support release) or later The company, however, did not disclose any further specifics about the nature and scale of the exploitation, or the root cause of the vulnerability. Customers who are unable to apply the updates are adv...

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances. The  vulnerability  is tracked as  CVE-2023-22501  (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity. "An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances," Atlassian  said . "With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into." The tokens, Atlassian noted, can be obtained in either of the two scenarios - If the attacker is included on Ji...

Atlassian has released software fixes to address  four critical flaws  in its software that, if successfully exploited, could result in remote code execution. The list of vulnerabilities is below - CVE-2022-1471  (CVSS score: 9.8) - Deserialization vulnerability in  SnakeYAML library  that can lead to remote code execution in multiple products CVE-2023-22522  (CVSS score: 9.0) - Remote code execution vulnerability in Confluence Data Center and Confluence Server (affects all versions including and after 4.0.0) CVE-2023-22523  (CVSS score: 9.8) - Remote code execution vulnerability in Assets Discovery for Jira Service Management Cloud, Server, and Data Center (affects all versions up to but not including 3.2.0-cloud / 6.2.0 data center and server) CVE-2023-22524  (CVSS score: 9.6) - Remote code execution vulnerability in Atlassian Companion app for macOS (affects all versions up to but not including 2.0.0) Atlassian described CVE-2023-22522...

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting  the Questions For Confluence  app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138 , arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "disabledsystemuser." While this account, Atlassian says, is to help administrators migrate data from the app to Confluence Cloud, it's also created with a hard-coded password, effectively allowing viewing and editing all non-restricted pages within Confluence by default. "A remote, unauthenticated attacker with knowledge of the hard-coded password could exploit this to log into Confluence and access any pages the  confluence-users group  has access to," the company  said  in an advisory, adding that "the hard-coded password is trivial to obtain after downloading an...

The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system. "Mass exploitation of Atlassian Confluence  CVE-2021-26084  is ongoing and expected to accelerate," the Cyber National Mission Force (CNMF)  said  in a tweet. The warning was also echoed by the U.S. Cybersecurity and Infrastructure Security Agency ( CISA ) and  Atlassian itself  in a series of independent advisories. Bad Packets  noted  on Twitter it "detected mass scanning and exploit activity from hosts in Brazil, China, Hong Kong, Nepal, Romania, Russia and the U.S. targeting Atlassian Confluence servers vulnerable to remote code execution." Atlassian Confluence is a widely popular web-based documentation service that allows teams to create, collaborate, and organiz...

Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems. Tracked as  CVE-2021-26084  (CVSS score: 9.8), the vulnerability concerns an OGNL (Object-Graph Navigation Language) injection flaw that could be exploited to achieve arbitrary code execution on a Confluence Server or Data Center instance. "A remote attacker can exploit this vulnerability by sending a crafted HTTP request containing a malicious parameter to a vulnerable server," researchers from Trend Micro  noted  in a technical write-up detailing the weakness. "Successful exploitation can result in arbitrary code execution in the security context of the affected server." The vulnerability, which resides in the Webwork module of Atlassian Confluence Server and Data Center, stems from an insufficient valid...

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place between November 14 and 24, 2023, and detected on November 23, was carried out "with the goal of obtaining persistent and widespread access to Cloudflare's global network," the web infrastructure company  said , describing the actor as "sophisticated" and one who "operated in a thoughtful and methodical manner." As a precautionary measure, the company further said it rotated more than 5,000 production credentials, physically segmented test and staging systems, carried out forensic triages on 4,893 systems, reimaged and rebooted every machine across its global network. The incident involved a four-day reconnaissance period to access Atlassian Confluence and J...

Atlassian's group chat platform HipChat is notifying its users of a data breach after some unknown hacker or group of hackers broke into one of its servers over the weekend and stole a significant amount of data, including group chat logs. What Happened? According to a security notice published on the company's website today, a vulnerability in a "popular third-party" software library used by its HipChat.com service allowed hackers to break into its server and access customer account information. However, HipChat did not say exactly which programming blunder the hackers exploited to get into the HipChat cloud server. What type of Information? Data accessed by the hackers include user account information such as customers' names, email addresses and hashed password information. Besides information, attackers may have obtained metadata from HipChat "rooms" or groups, including room name and room topic. While metadata is not as critical as d...

Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as  CVE-2022-0540 , the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber Security has been credited with discovering and reporting the security weakness. "A remote, unauthenticated attacker could exploit this by sending a specially crafted HTTP request to bypass authentication and authorization requirements in WebWork actions using an affected configuration," Atlassian  noted . The flaw affects the following Jira products - Jira Core Server, Jira Software Server and Jira Software Data Center: All versions before 8.13.18, 8.14.x, 8.15.x, 8.16.x, 8.17.x, 8.18.x, 8.19.x, 8.20.x before 8.20.6, and 8.21.x Jira Service Management Server and Jira Service Management Data Cent...

Atlassian has released patches for  more than two dozen security flaws , including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as  CVE-2024-1597 , the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it "presents a lower assessed risk" despite the criticality. "This org.postgresql:postgresql dependency vulnerability [...] could allow an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction," Atlassian  said . According to a  description  of the flaw in the NIST's National Vulnerability Database (NVD), "pgjdbc, the PostgreSQL JDBC Driver, allows attac...

Atlassian has rolled out fixes for a  critical security flaw  in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as  CVE-2022-36804  (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. “An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request,” Atlassian  said  in an advisory. The shortcoming, discovered and reported by security researcher  @TheGrandPew  impacts all versions of Bitbucket Server and Datacenter released after 6.10.17, inclusive of 7.0.0 and newer - Bitbucket Server and Datacenter 7.6 Bitbucket Server and Datacenter 7.17 Bitbucket Server and Datacenter 7.21 Bitbucket Server and Datacenter 8.0 Bitbucket Server and Datacenter 8.1 B...

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as  Storm-0062  (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. "CVE-2023-22515 is a critical privilege escalation vulnerability in Atlassian Confluence Data Center and Server," the company  noted  in a series of posts on X (formerly Twitter). "Any device with a network connection to a vulnerable application can exploit CVE-2023-22515 to create a Confluence administrator account within the application." CVE-2023-22515 , rated 10.0 on the CVSS severity rating system, allows  remote attackers  to create unauthorized Confluence administrator accounts and access Confluence servers. The flaw has been addressed in the following versions - 8.3.3 or later 8.4.3 or later, and 8.5.2 (Long Term Suppor...

Atlassian has warned of a critical security flaw in Confluence Data Center and Server that could result in "significant data loss if exploited by an unauthenticated attacker." Tracked as  CVE-2023-22518 , the vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described as an instance of "improper authorization vulnerability." All versions of Confluence Data Center and Server are susceptible to the bug, and it has been addressed in the following versions - 7.19.16 or later 8.3.4 or later 8.4.4 or later 8.5.3 or later, and 8.6.1 or later That said, the Australian company emphasized that "there is no impact to confidentiality as an attacker cannot exfiltrate any instance data." No other details about the flaw and the exact method by which an adversary can take advantage of it have been made available, likely owing to the fact that doing so could enable threat actors to devise an exploit. Atlassian is also u...

Australian software company Atlassian has rolled out security updates to address  two critical flaws  affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as  CVE-2022-43781  and  CVE-2022-43782 , are both rated 9 out of 10 on the CVSS vulnerability scoring system. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center, affects versions 7.0 to 7.21 and 8.0 to 8.4 (only if mesh.enabled is set to false in bitbucket.properties). The weakness has been described as a case of command injection using environment variables in the software, which could allow an adversary with permission to control their username to gain code execution on the affected system. As a temporary workaround, the company is recommending users turn off the "Public Signup" option (Administration > Authentication). "Disabling public signup would change the attack vector from an unauthenticated attack to an authe...

Multiple ransomware groups have begun to actively exploit recently disclosed flaws in Atlassian Confluence and Apache ActiveMQ. Cybersecurity firm Rapid7  said  it observed the exploitation of  CVE-2023-22518  and  CVE-2023-22515  in multiple customer environments, some of which have been leveraged for the deployment of  Cerber  (aka  C3RB3R ) ransomware. Both vulnerabilities are critical, allowing threat actors to create unauthorized Confluence administrator accounts and lead to a loss of confidentiality, integrity, and availability. Atlassian, on November 6,  updated its advisory  to note that it observed "several active exploits and reports of threat actors using ransomware" and that it is revising the CVSS score of the flaw from 9.1 to 10.0, indicating maximum severity. The escalation, the Australian company said, is due to the change in the scope of the attack. Attack chains involve mass exploitation of vulnerable inte...