A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / SQL Injection in Bamboo Data Center and Server (CVE-2024-1597)

SQL Injection in Bamboo Data Center and Server (CVE-2024-1597)

Advisory No: TZCERT/SA/2024/03/21-02

Date of First Release: 21st March 2024

Source: Atlassian

Software Affected: Bamboo Data Center and Bamboo Server


Atlassian has released security patches to address a critical vulnerability affecting Bamboo Data Center and Bamboo Server. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability.


Bamboo Data Center and Server are affected with a critical vulnerability tracked as CVE-2024-1597. This vulnerability is the result of a flaw in pgjdbc, the PostgreSQL JDBC Driver which could allow attacker to inject SQL if using PreferQueryMode=SIMPLE. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks.


Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.


Atlassian has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.


  1. https://jira.atlassian.com/browse/BAM-25716

Check Also

HPE Superdome Flex, Superdome Flex 280 and Compute Scale-up Server 3200 Servers Arbitrary Code Execution (CVE-2021-38578)

Advisory No: TZCERT/SA/2024/04/19 Date of First Release: 19th April 2024 Source: Hewlett Packard Enterprise (HPE) …