Skip to content Skip to footer

Atlassian Releases Patches for Critical SQL Injection Vulnerability in Bamboo: CVE-2024-1597

, a leading company, recently released patches to address over 25 security vulnerabilities affecting its products. One of the vulnerabilities is a critical bug that impacts the Bamboo Data Center and Server, which has been assigned a maximum severity score of 10.0 according to the Common Scoring System (CVSS).

The critical vulnerability is an flaw from a dependency called org.postgresql:postgresql. -2024-1597 vulnerability can be exploited to execute arbitrary SQL queries on the affected system. Despite its severity, has stated that the vulnerability presents a lower assessed risk due to its dependent nature.

According to the National Vulnerability Database (NVD) maintained by the National Institute of Standards and (NIST), the vulnerability is present in the PostgreSQL JDBC Driver. Specifically, versions prior to 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected. The vulnerability can be exploited if the driver is used with the connection property preferQueryMode=simple and the application code has a vulnerable SQL that negates a parameter value.

SonarSource security researcher Paul Gerste discovered and reported the vulnerability. has advised users to update their instances to the latest version to protect against potential threats. It is worth noting that Data Center products are not affected by this vulnerability as they do not use the PreferQueryMode=SIMPLE in their SQL database connection settings.

In conclusion, has taken swift action to address this critical vulnerability and has urged users to update their instances to the latest version to ensure the security of their systems. It is crucial to note that system administrators must stay vigilant and keep their software up to date to avoid potential security breaches.

Leave a comment

Newsletter Signup

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

I knew you'd escape. They haven't built a circuit that could hold you!Yori

Deitasoft © 2024. All Rights Reserved.