After the SolarWinds hack last year, Check Point Research (CPR) decided to investigate Atlassian to see if its platform, used by 180,000 customers worldwide, could fall victim to a similar supply chain attack.
The cybersecurity firm was able to bypass Atlassian’s security measures and found vulnerabilities in its collaboration software and developer tools.
According to a new blog post by CPR, an attacker could have exploited these vulnerabilities with just one click to gain access to the Atlassian Jira bug system and retrieve sensitive information about Atlassian Cloud, Bitbucket and the company’s on-premises products.
For those who don’t know, Jira is a software development tool used by over 65,000 customers, including Visa, Cisco, and Pfizer; Confluence is a team workspace used by over 60,000 customers, including LinkedIn, NASA, and the New York Times; and Bitbucket is a Git-based source code repository hosting service. An attacker could potentially use any of these products in an attack on the supply chain …