Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug
Mar 21, 2024
Database / Vulnerability
Atlassian has released patches for more than two dozen security flaws , including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597 , the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it "presents a lower assessed risk" despite the criticality. "This org.postgresql:postgresql dependency vulnerability [...] could allow an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction," Atlassian said . According to a description of the flaw in the NIST's National Vulnerability Database (NVD), "pgjdbc, the PostgreSQL JDBC Driver, allows attac