Atlassian administrator impersonated another user
Description
AlphaSOC detected that an Atlassian administrator logged in as another user. This action allows an admin to impersonate and perform actions on behalf of another user account.
Impact
This activity could indicate a potential compromise of admin credentials. The adversary may gain access to confidential data, manipulate user permissions, or perform unauthorized actions, all while evading detection by masquerading as a legitimate user.
Severity
| Severity | Condition |
|---|---|
Low | Atlassian admin logged in as another user |
Investigation and Remediation
Review Atlassian audit logs to identify the admin who logged in as another user and verify whether this action was authorized. If unauthorized, reset the admin's credentials and conduct a thorough security audit of the environment for other signs of compromise.