Cybersecurity researchers disclose critical flaws in the Atlassian project and software development platform that could be exploited to take over an account and control some of the apps connected through its single sign-on (SSO) capability. The Australian company deployed a fix as part of its updates rolled out on May 18. The weaknesses hinge on the fact that Atlassian uses SSO to ensure seamless navigation between the aforementioned domains, thus creating a potential attack scenario that involves injecting malicious code into the platform using XSS and CSRF.
Source: https://thehackernews.com/2021/06/one-click-exploit-could-have-let.html