
Vulnerabilities Reported by Check Point Research


Early in 2021, Check Point Research provided Atlassian with the details of several vulnerabilities affecting a limited number of web applications that Atlassian uses to support customers and partners. The reported vulnerabilities did not affect Atlassian Cloud products (like Jira, Confluence, or Bitbucket Cloud) or Atlassian’s on-premise products (like Jira, Confluence, or Bitbucket Server and Data Center).

The first vulnerability, known as session fixation, affected four public-facing applications run by Atlassian for customer and partner support. Exploiting this vulnerability successfully would require an attacker to identify and exploit a second, separate security vulnerability in order to set the targeted user’s session cookie to a specific attacker-controlled value. After investigating, Atlassian engineers identified the source of the vulnerability as a custom single sign-on plugin, not the Jira or Confluence products themselves. A fix has been deployed and the affected systems are no longer vulnerable.
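To illustrate the session fixation class described above, here is an added example (not Atlassian's code, and not the fix they deployed): a minimal in-memory session store showing why a session identifier that survives login is the problem, and how issuing a fresh identifier at authentication closes it. `SessionStore`, `fixation_outcome` and the sample values are hypothetical names constructed for this sketch.

```python
import secrets


class SessionStore:
    """In-memory stand-in for a server-side session table (constructed for this example)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> authenticated user, or None if anonymous

    def visit(self, cookie=None):
        """Handle an unauthenticated request and return the session id in use."""
        if cookie is None:
            cookie = secrets.token_urlsafe(32)
        # Permissive: a client-supplied id is adopted as-is, which is how a
        # value chosen by someone else can end up in the session table.
        self.sessions.setdefault(cookie, None)
        return cookie

    def login(self, cookie, user):
        """Authenticate `user` and return the session id the browser must use next."""
        if self.rotate_on_login:
            # Hardened: discard the pre-login id and issue a fresh random one.
            self.sessions.pop(cookie, None)
            cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = user
        return cookie

    def whoami(self, cookie):
        return self.sessions.get(cookie)


def fixation_outcome(rotate_on_login):
    """Return who a pre-login session id maps to after the user signs in."""
    store = SessionStore(rotate_on_login)
    planted = "planted-by-third-party"   # constructed value, known before login
    store.visit(planted)                 # the user's browser presents that id
    user_cookie = store.login(planted, "alice")
    assert store.whoami(user_cookie) == "alice"   # the user is logged in either way
    return store.whoami(planted)


if __name__ == "__main__":
    print("no rotation:", fixation_outcome(False))  # old id now carries alice's login
    print("rotation:   ", fixation_outcome(True))   # old id maps to nothing
```

A useful regression check for any login or single sign-on handler is the same comparison: the session cookie value after authentication must differ from the one presented before it.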

The additional vulnerabilities contained in the report were related to a training platform, developed and hosted by a third party, that Atlassian utilized to provide training to customers on how to use products like Jira and Confluence. The vulnerabilities included a session fixation vulnerability, a cross-site request forgery (CSRF) vulnerability, and a cross-site scripting (XSS) vulnerability, which could allow an attacker to take over a user’s Atlassian Training session if they were able to successfully get the targeted user to visit an attacker-controlled web page (typically via a phishing email). Atlassian notified the vendor who operates the training platform and they have deployed fixes for all of the vulnerabilities reported.

When chained together, these vulnerabilities could have allowed an attacker to impersonate the targeted user to the Atlassian applications affected by the first vulnerability after getting the targeted user to click a link in a specially crafted phishing email message designed to exploit the vulnerabilities in the Atlassian Training application. Once exploited, an attacker’s access would still be limited to the affected systems, and the attacker would not be able to access customer Jira, Confluence, or Bitbucket Cloud data. All of the reported vulnerabilities have been patched, and we will continue to monitor this issue and update any impacted customers if we have new information to share.

Atlassian encourages customers, partners, and security researchers to report security vulnerabilities through our bug bounty program, email, or customer support portal. For more information, see Report a Vulnerability.

For more information on Atlassian’s security practices, visit our Trust Center.


