Apache.org services recently suffered a direct, targeted attack against our infrastructure, specifically the server hosting our issue-tracking software.

The Apache Software Foundation uses a donated instance of Atlassian JIRA as an issue tracker for our projects. Among other projects, the ASF Infrastructure Team uses it to track issues and requests. Our JIRA instance was hosted on, a machine running Ubuntu Linux 8.04 LTS.

If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised. JIRA and Confluence both use a SHA-512 hash, but without a random salt. We believe the risk to simple passwords based on dictionary words is quite high, and most users should rotate their passwords. Bugzilla uses a SHA-256 hash with a random salt. The risk for most users is low to moderate, since pre-built password dictionaries are not effective against salted hashes, but we still recommend that users remove these passwords from use. In addition, if you logged into the Apache JIRA instance between April 6th and April 9th, you should consider that password compromised, because the attackers changed the login form to log the passwords entered.

On April 5th, the attackers, via a compromised Slicehost server, opened a new issue, INFRA-2591, containing the text "Ive got this error while browsing some projects in jira" followed by a Tinyurl link. Tinyurl is a URL redirection and shortening tool. This specific URL redirected back to the Apache instance of JIRA, at a special URL containing a cross site scripting (XSS) attack. The attack was crafted to steal the session cookie from the user logged in to JIRA. When this issue was opened against the Infrastructure team, several of our administrators clicked on the link. This compromised their sessions, including their JIRA administrator rights.

At the same time as the XSS attack, the attackers started a brute force attack against the JIRA login.jsp, attempting hundreds of thousands of password combinations.

On April 6th, one of these methods was successful. Having gained administrator privileges on a JIRA account, the attackers used this account to disable notifications for a project, and to change the path used to upload attachments. The path they chose was configured to run JSP files, and was writable by the JIRA user. They then created several new issues and uploaded attachments to them. One of these attachments was a JSP file that was used to browse and copy the filesystem. The attackers used this access to create copies of many users' home directories and various files.
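The following is an added illustration, not part of the ASF report, of why the report rates unsalted SHA-512 (JIRA/Confluence) as high risk for dictionary-word passwords and salted SHA-256 (Bugzilla) as low to moderate: a table of digests precomputed once from a wordlist identifies every unsalted dictionary-word password in a single lookup per user, while a per-user random salt makes that table useless. The wordlist, user names and passwords are constructed sample data; the two hashing functions model only what the report states about each scheme (algorithm and presence or absence of a salt), not the products' actual code.

```python
import hashlib
import secrets

# Constructed sample wordlist, standing in for a pre-built password dictionary.
WORDLIST = ["password", "letmein", "qwerty", "sunshine", "dragon"]

def jira_style_hash(password):
    """Scheme the report attributes to JIRA/Confluence: SHA-512 with no salt."""
    return hashlib.sha512(password.encode()).hexdigest()

def plain_sha256(password):
    """Unsalted SHA-256, used only to build a table to try against the salted scheme."""
    return hashlib.sha256(password.encode()).hexdigest()

def bugzilla_style_hash(password, salt=None):
    """Scheme the report attributes to Bugzilla: SHA-256 over a random per-user
    salt plus the password. Returns (salt_hex, digest_hex); the salt is stored
    next to the digest and is not secret."""
    if salt is None:
        salt = secrets.token_bytes(16)
    return salt.hex(), hashlib.sha256(salt + password.encode()).hexdigest()

def verify_bugzilla_style(password, salt_hex, digest_hex):
    """Login verification recomputes with the stored salt (constant-time compare)."""
    _, digest = bugzilla_style_hash(password, bytes.fromhex(salt_hex))
    return secrets.compare_digest(digest, digest_hex)

def prebuilt_dictionary(words, hashfn):
    """digest -> word, computed once and reusable against any unsalted dump."""
    return {hashfn(w): w for w in words}

def identify_unsalted(dump, table):
    """dump: user -> unsalted digest. One lookup per user exposes every
    dictionary-word password, and users sharing a password share a digest."""
    return {user: table[d] for user, d in dump.items() if d in table}

def identify_salted(dump, table):
    """dump: user -> (salt_hex, digest_hex). The same table finds nothing: each
    digest depends on a salt the table never saw, so the wordlist would have to
    be re-hashed separately for every user (the report's 'low to moderate' case)."""
    return {user: table[d] for user, (_, d) in dump.items() if d in table}

if __name__ == "__main__":
    # Constructed users: two share a dictionary word, one has a strong password.
    unsalted = {"alice": jira_style_hash("sunshine"),
                "bob": jira_style_hash("sunshine"),
                "carol": jira_style_hash("Xk9!vL2#pQ7z")}
    print(identify_unsalted(unsalted, prebuilt_dictionary(WORDLIST, jira_style_hash)))
    salted = {u: bugzilla_style_hash("sunshine") for u in ("alice", "bob")}
    print(identify_salted(salted, prebuilt_dictionary(WORDLIST, plain_sha256)))
```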