User invited to Atlassian organization as an administrator
Description
AlphaSOC detected that a user was invited to an Atlassian organization as an administrator. This action grants a user elevated access to Atlassian products and services, and may indicate potential compromise of administrative credentials.
Impact
By adding an unauthorized administrator to an Atlassian organization, threat actors can potentially manipulate data, access sensitive information, modify configurations, or perform other malicious actions within Atlassian products such as Jira and Confluence.
Severity
| Severity | Condition |
|---|---|
Low | User invited to Atlassian organization as an administrator |
Investigation and Remediation
Review the Atlassian audit logs to identify who invited the new admin to the organization and verify whether this action was authorized. If unauthorized, remove the unauthorized administrator, reset potentially affected credentials, and conduct a thorough security audit of the environment for other signs of compromise.