
Researchers have discovered vulnerabilities in Atlassian Jira Align, a SaaS platform, that could allow users with access to the service to become application administrators and then attack the Atlassian service.
The two vulnerabilities affect the Jira Align application, which is used to set agile-development goals, track efforts toward those goals, and create agile strategies. Because every instance of Jira Align is provisioned by Atlassian, an attacker could gain control of a part of the company’s cloud infrastructure.
The first vulnerability, a server-side request forgery, could allow a user to retrieve the AWS credentials of the Atlassian service account that provisioned the Jira Align instance.
The second vulnerability, in the authorization mechanism for users with the People role, could allow those users to elevate their role to Super Admin, which has access to all settings for the Jira Align tenant, such as resetting accounts and modifying settings.
Both vulnerabilities have been patched, the first within a week and the second within a month, according to the disclosure timeline published by Bishop Fox.
The increasing reliance on cloud applications has made attacks on cloud services and workloads much more common, so much so that the top class of vulnerability, according to OWASP, is broken authentication and access-control issues.
The authorization issues are difficult for automated tools to pinpoint; plus, SSRF is a relatively new class of vulnerability that uses a cloud service’s functionality and servers to conduct attacks, often bypassing security at the network edge as well as some internal security measures.
These most recent vulnerabilities highlight that developers should always double-check content supplied by users before completing a request.
Additional input-sanitization checks could prevent both attacks. Proper software testing should also be followed.