Yeah it seems odd to me that their internal wiki, code repo, and Jira is exposed directly to the internet and arbitrary IPs could connect to it. Atlassian had a rash of vulnerabilities recently, who knows how many undiscovered ones still exist.
If they had a VPN in place secured with machine certs, that would be yet another layer for an attacker to defeat.
If they had a VPN in place secured with machine certs, that would be yet another layer for an attacker to defeat.