Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

by crpt os


Mar 21, 2024 | Newsroom | Database / Vulnerability

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction.

Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity.

Described as an SQL injection flaw, it’s rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it “presents a lower assessed risk” despite the criticality.

“This org.postgresql:postgresql dependency vulnerability […] could allow an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction,” Atlassian said.

According to a description of the flaw in the NIST’s National Vulnerability Database (NVD), “pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE.” The driver versions prior to the ones listed below are impacted –

  • 42.7.2
  • 42.6.1
  • 42.5.5
  • 42.4.4
  • 42.3.9, and
  • 42.2.28 (also fixed in 42.2.28.jre7)

“SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value,” the maintainers said in an advisory last month.

“There is no vulnerability in the driver when using the default query mode. Users that do not override the query mode are not impacted.”
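The two conditions described above, a driver older than the fixed releases and a connection that sets preferQueryMode=simple, can be checked against a dependency inventory. The Python below is an added example, not code from Atlassian or the pgjdbc project; the function names, status labels and sample JDBC URLs are assumptions made for illustration, and it inspects only the JDBC URL, not properties set in application code.

```python
import re
from urllib.parse import parse_qsl

# First fixed pgjdbc release per branch, as listed in the article.
FIXED = {(42, 7): 2, (42, 6): 1, (42, 5): 5, (42, 4): 4, (42, 3): 9, (42, 2): 28}


def parse_version(version):
    """Return (major, minor, patch); a suffix such as '.jre7' is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised pgjdbc version: {version!r}")
    return tuple(int(part) for part in m.groups())


def driver_is_unpatched(version):
    """True if the driver predates the fixed release for its branch."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Assumption: branches older than 42.2 never received the fix, and
    # branches newer than 42.7 already contain it.
    return branch < min(FIXED)


def uses_simple_query_mode(jdbc_url):
    """True if the URL sets preferQueryMode=simple (the non-default mode)."""
    _, _, query = jdbc_url.partition("?")
    # Compared case-insensitively on purpose, so that an audit errs
    # towards flagging a connection rather than missing it.
    return any(
        key.lower() == "preferquerymode" and value.lower() == "simple"
        for key, value in parse_qsl(query, keep_blank_values=True)
    )


def assess(version, jdbc_url):
    """Classify one (driver version, JDBC URL) pair from an inventory."""
    unpatched = driver_is_unpatched(version)
    simple = uses_simple_query_mode(jdbc_url)
    if unpatched and simple:
        return "exposed"                 # both conditions met: upgrade first
    if unpatched:
        return "unpatched-default-mode"  # not reachable per advisory; still upgrade
    return "patched-simple-mode" if simple else "ok"


if __name__ == "__main__":
    # Constructed sample inventory; the host and database names are placeholders.
    base = "jdbc:postgresql://db.example.internal:5432/appdb"
    for ver, url in [("42.7.1", base + "?preferQueryMode=simple"),
                     ("42.7.1", base),
                     ("42.2.28.jre7", base + "?ssl=true&preferQueryMode=simple")]:
        print(ver, url, "->", assess(ver, url))
```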

The Atlassian vulnerability is said to have been introduced in the following versions of Bamboo Data Center and Server –

  • 8.2.1
  • 9.0.0
  • 9.1.0
  • 9.2.1
  • 9.3.0
  • 9.4.0, and
  • 9.5.0

The company also emphasized that Bamboo and other Atlassian Data Center products are unaffected by CVE-2024-1597 because they do not use PreferQueryMode=SIMPLE in their SQL database connection settings.

SonarSource security researcher Paul Gerste has been credited with discovering and reporting the flaw. Users are advised to update their instances to the latest version to protect against any potential threats.
