One-click account takeover vulnerabilities in Atlassian domains patched