Jira Align flaws enabled malicious users to gain super admin privileges – and potentially worse

A pair of vulnerabilities patched in Jira Align could in the “worst-case scenario” be combined by low-privileged malicious users to target Atlassian’s cloud infrastructure, a security researcher warns.

Jira Align is a software-as-a-service (SaaS) platform through which enterprises can scale their deployments of Atlassian Jira, the hugely popular bug tracking and project management application, in the cloud.

A Bishop Fox security researcher found a high severity (CVSS 8.8) authorization controls flaw that allows users with the ‘people’ permission to elevate their privilege, or that of any other user, to ‘super admin’ via the MasterUserEdit API (CVE-2022-36803).

Abuse of a medium severity (CVSS 4.9) server-side request forgery (SSRF) bug (CVE-2022-36802) could then allow attackers to retrieve the AWS credentials of the Atlassian service account that deployed the Jira Align instance.

MisAligned permissions

Super admins can, among other things, modify Jira connections, reset user accounts, and modify security settings, said Jake Shafer, senior security consultant at Bishop Fox.

Attackers could also access “everything the client of the SaaS had in their Jira deployment (or just take the whole thing offline, but I would hope there’s some backups in that case)”, he told The Daily Swig.

“Going by my pen testing experience, that could be everything from credentials and client information to details on unpatched vulnerabilities in their own applications and software.

“While, for good reason, my testing stopped at the edge of the Atlassian infrastructure, under the right conditions [leveraging the SSRF] potentially means gaining access to other client data through lateral or upward movement through Atlassian’s AWS infrastructure.

“Since Atlassian’s providing cloud tenants to these clients, gaining access to the infrastructure of the SaaS provider itself is pretty much worst-case scenario.”

The flaws affect version 10.107.4 and were patched in 10.109.3, which was released on July 22, 2022.

People permissions

The role of ‘people’ permissions varies depending on an instance’s configuration. “In the sandbox environment that was provisioned for testing purposes, this permission was added to the ‘program manager’ role, but could be exploited by any role with the ‘people’ permission,” explained Shafer in a Bishop Fox security advisory.

This could either be done by “intercepting the role change request directly to the API and modifying the cmbRoleID parameter to 9”, or by performing an API call with a POST request containing their session cookies.

The SSRF resides in the Jira Align ManageJiraConnectors API, which manages external connections.

A user-supplied URL value called txtAPIURL points to the relevant API location. Jira Align automatically appended /rest/api/2/ to the URL server side, but the further addition of ‘#’ “would allow an attacker to specify any URL”, warned Shafer.
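The following is an added example, not code from Atlassian, Bishop Fox, or the original article. It shows why a suffix appended by string concatenation stops constraining the request once the base URL contains `#`, next to one way to validate the base URL before use. The function names, the host allowlist, and the `.example`/`.test` hostnames are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

API_SUFFIX = "/rest/api/2/"  # suffix the article says was appended server side


def naive_build(base_url):
    """Plain concatenation, the pattern the article describes."""
    return base_url + API_SUFFIX


def effective_target(url):
    """What an HTTP client requests: the fragment after '#' is never sent."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}{p.path}"


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def validate_connector_url(base_url, allowed_hosts):
    """Return the full API URL, or raise ValueError (hypothetical hardened check)."""
    # Check the raw string too: urlsplit reports an empty fragment for a bare '#'.
    if "#" in base_url or "?" in base_url:
        raise ValueError("fragment or query not allowed in base URL")
    p = urlsplit(base_url)
    if p.scheme != "https":
        raise ValueError("scheme must be https")
    if p.username or p.password:
        raise ValueError("userinfo not allowed")
    host = (p.hostname or "").lower()
    if _is_ip_literal(host) or host not in allowed_hosts:
        raise ValueError("host is not an approved connector target")
    port = f":{p.port}" if p.port else ""
    # Rebuild from parsed parts so the suffix is always part of the path.
    return f"https://{host}{port}{p.path.rstrip('/')}{API_SUFFIX}"


if __name__ == "__main__":
    # Constructed inputs for illustration only.
    print(effective_target(naive_build("https://jira.example.com")))
    print(effective_target(naive_build("https://internal.example.test/meta#")))
    print(validate_connector_url("https://jira.example.com", {"jira.example.com"}))
```

An allowlist check on the hostname does not cover DNS answers that change between validation and connection, so the resolved address should also be checked when the connection is made.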

The issues were unearthed on May 31, 2022, and reported to Atlassian on June 6, with the vendor initially addressing the SSRF in hotfix version 10.108.3.5 on June 28.

The Daily Swig has invited Atlassian to comment. We will update the article if they do so.

Source: https://portswigger.net/daily-swig/jira-align-flaws-enabled-malicious-users-to-gain-super-admin-privileges-and-potentially-worse