What We've Learned from Exposing Atlassian on the Internet: In-Depth Analysis from an Offensive Perspective

English: PPTX, PDF (BSides Munich 2023)

Abstract

Atlassian products such as Jira and Confluence are widely used for project management and documentation across organizations of all sizes. When exposed to the internet, these platforms become attractive targets for attackers. This talk presents an in-depth analysis of Atlassian’s attack surface from an offensive perspective, covering common misconfigurations, known vulnerabilities, and exploitation techniques. Based on real-world experience, we discuss the risks of internet-facing Atlassian instances, demonstrate practical attack scenarios, and share lessons learned on how to better protect these critical assets.