
Atlassian Releases Patches for Critical SQL Injection Vulnerability in Bamboo: CVE-2024-1597

Atlassian, a leading software development company, recently released patches to address over 25 security vulnerabilities affecting its products. One of them is a critical bug that impacts Bamboo Data Center and Server and has been assigned the maximum severity score of 10.0 under the Common Vulnerability Scoring System (CVSS).

The critical vulnerability is an SQL injection flaw from a dependency called org.postgresql:postgresql. CVE-2024-1597 can be exploited to execute arbitrary SQL queries on the affected system. Despite its severity, Atlassian has stated that the vulnerability presents a lower assessed risk due to its dependent nature.

According to the National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST), the vulnerability is present in the PostgreSQL JDBC Driver. Specifically, versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected. The flaw can be exploited if the driver is used with the connection property preferQueryMode=simple and the application code has a vulnerable SQL statement that negates a parameter value.
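The two conditions above can be turned into a quick triage check for an inventory of driver versions and JDBC URLs. This is an added example, not Atlassian's or the pgjdbc project's code; the function names and the sample URLs in the usage are constructed, and the handling of branches outside 42.2 to 42.7 is an assumption stated in the comments.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Fixed release per minor branch, taken from the version list quoted above.
FIXED = {(42, 7): 2, (42, 6): 1, (42, 5): 5, (42, 4): 4, (42, 3): 9, (42, 2): 28}


def driver_is_affected(version: str) -> bool:
    """True if a PostgreSQL JDBC driver version predates its branch's fix."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)  # tolerates suffixes like ".jre7"
    if not m:
        raise ValueError(f"unrecognised driver version: {version!r}")
    major, minor, patch = map(int, m.groups())
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Assumption: branches older than 42.2 have no fixed release and count as
    # affected; branches newer than 42.7 already contain the fix.
    return branch < min(FIXED)


def uses_simple_query_mode(jdbc_url: str) -> bool:
    """True if the JDBC URL sets preferQueryMode=simple.

    Matching is case-insensitive to err on the side of flagging, since the
    setting is written both as preferQueryMode=simple and PreferQueryMode=SIMPLE
    above. A property passed in code rather than in the URL is not visible
    here and has to be checked in the application's configuration.
    """
    query = urlsplit(jdbc_url.removeprefix("jdbc:")).query
    params = {k.lower(): v[-1].lower() for k, v in parse_qs(query).items()}
    return params.get("preferquerymode") == "simple"


def triage(version: str, jdbc_url: str) -> str:
    """Combine both conditions into a one-line finding for an inventory row."""
    affected = driver_is_affected(version)
    if affected and uses_simple_query_mode(jdbc_url):
        return "exposed: upgrade driver, review statements that negate parameters"
    if affected:
        return "upgrade: affected driver, simple query mode not set in URL"
    return "ok: driver at or above fixed release"
```
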

SonarSource security researcher Paul Gerste discovered and reported the vulnerability. Atlassian has advised users to update their instances to the latest version to protect against potential threats. It is worth noting that Atlassian Data Center products are not affected by this vulnerability as they do not use PreferQueryMode=SIMPLE in their SQL database connection settings.

In conclusion, Atlassian has taken swift action to address this critical vulnerability and has urged users to update their instances to the latest version to ensure the security of their systems. It is crucial to note that system administrators must stay vigilant and keep their software up to date to avoid potential security breaches.


Deitasoft © 2024. All Rights Reserved.