
SQL Injection in Bamboo Data Center and Server (CVE-2024-1597)

Advisory No: TZCERT/SA/2024/03/21-02

Date of First Release: 21st March 2024

Source: Atlassian

Software Affected: Bamboo Data Center and Bamboo Server

Overview:

Atlassian has released security patches for a critical vulnerability affecting Bamboo Data Center and Bamboo Server. Successful exploitation could compromise the confidentiality, integrity and availability of the affected instance.

Description:

Bamboo Data Center and Server are affected by a critical vulnerability tracked as CVE-2024-1597. The flaw lies in pgjdbc, the PostgreSQL JDBC driver bundled with Bamboo, and allows SQL injection when the driver is configured with preferQueryMode=simple (this is not the default; the default extended query mode is not affected). In simple query mode the driver inlines parameter values into the query text on the client instead of binding them on the server. When a numeric placeholder is immediately preceded by a minus sign and a string placeholder follows it on the same line, a negative numeric value produces the sequence `--`, which PostgreSQL treats as the start of a line comment; the opening quote of the string parameter is therefore commented out, and a string value containing a newline followed by SQL lands in the statement unquoted. By constructing a matching string payload, an attacker who controls both values can alter the query, bypassing the protection that parameterized queries normally provide against SQL injection.
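The following is an added worked example, not code from pgjdbc or Atlassian. It models the client-side parameter inlining that simple query mode performs and the PostgreSQL lexer's treatment of `--` line comments, so the query shape described above can be examined offline. The query, parameter values and the parenthesising mitigation are constructed for illustration; the mitigation shows the class of fix, not pgjdbc's actual patch.

```python
"""Constructed model of the CVE-2024-1597 query shape.

render_simple_mode() approximates what a simple-query-mode driver has to do:
inline the parameters into the SQL text, because there is no server-side bind
step.  server_view() approximates the PostgreSQL lexer's handling of '--'
line comments that begin outside a single-quoted literal.  Neither is pgjdbc
source code; both are assumptions made for the example.
"""


def render_simple_mode(sql: str, params: list, wrap_numbers: bool = False) -> str:
    """Inline parameters into the query text (assumes '?' appears only as a
    placeholder).  Strings are single-quoted with embedded quotes doubled;
    numbers are emitted verbatim.  With wrap_numbers=True numeric values are
    parenthesised so a '-' in the SQL can never fuse with a leading '-' of
    the value into a '--' comment marker (illustrative mitigation)."""
    parts = sql.split("?")
    if len(parts) - 1 != len(params):
        raise ValueError("placeholder/parameter count mismatch")
    out = [parts[0]]
    for value, tail in zip(params, parts[1:]):
        if isinstance(value, (int, float)) and not isinstance(value, bool):
            literal = f"({value})" if wrap_numbers else str(value)
        else:
            literal = "'" + str(value).replace("'", "''") + "'"
        out.append(literal)
        out.append(tail)
    return "".join(out)


def server_view(rendered: str) -> str:
    """Return the statement text after '--' comments starting outside a
    string literal are stripped, i.e. what the server will actually parse.
    Newlines are kept so the line structure stays visible."""
    out = []
    in_string = False
    i, n = 0, len(rendered)
    while i < n:
        ch = rendered[i]
        if in_string:
            out.append(ch)
            if ch == "'":
                if i + 1 < n and rendered[i + 1] == "'":
                    out.append("'")  # doubled quote stays inside the literal
                    i += 2
                    continue
                in_string = False
        elif ch == "'":
            in_string = True
            out.append(ch)
        elif rendered.startswith("--", i):
            nl = rendered.find("\n", i)  # comment runs to end of line
            i = n if nl == -1 else nl
            continue
        else:
            out.append(ch)
        i += 1
    return "".join(out)


# Constructed query matching the vulnerable shape: a numeric placeholder
# immediately preceded by '-', followed by a string placeholder on the same line.
QUERY = "SELECT id FROM accounts WHERE balance > -? AND owner = ?"

# Constructed payload: newline ends the comment, the rest is parsed as raw SQL.
PAYLOAD = "\n1 UNION SELECT password FROM accounts --"


def benign_example() -> str:
    """Ordinary values: the server sees exactly the intended statement."""
    return server_view(render_simple_mode(QUERY, [100, "alice"]))


def attack_example() -> str:
    """Negative number plus crafted string: '--1' comments out the rest of the
    line, including the opening quote, so the payload executes unquoted."""
    return server_view(render_simple_mode(QUERY, [-1, PAYLOAD]))


def hardened_example() -> str:
    """Same inputs with numbers parenthesised: no '--' forms outside a literal,
    so the payload stays inside the quoted string."""
    rendered = render_simple_mode(QUERY, [-1, PAYLOAD], wrap_numbers=True)
    assert server_view(rendered) == rendered  # nothing was commented out
    return rendered


if __name__ == "__main__":
    print(repr(attack_example()))
    print(repr(hardened_example()))
```

The real defence is the one pgjdbc and Atlassian shipped: upgrade the driver and keep the default extended query mode, in which parameters are sent separately from the statement text and no client-side inlining happens at all.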

Impact:

Successful exploitation of this vulnerability may allow an attacker to read or modify data in the Bamboo database and, from there, take control of the affected system.

Solution:

Atlassian has released patches for this vulnerability. Users and administrators are encouraged to update Bamboo to one of the fixed versions listed in BAM-25716. As an interim check, confirm that the Bamboo database connection does not set preferQueryMode=simple; the default extended query mode is not affected.

References:

  1. https://jira.atlassian.com/browse/BAM-25716
  2. https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56
