Imechapishwa: Mar 21, 2024 13:26
Advisory No: TZCERT/SA/2024/03/21-02
Source: Atlassian
Software Affected: Bamboo Data Center and Bamboo Server
Atlassian has released security patches to address a critical vulnerability affecting Bamboo Data Center and Bamboo Server. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability.
Bamboo Data Center and Server are affected with a critical vulnerability tracked as CVE-2024-1597. This vulnerability is the result of a flaw in pgjdbc, the PostgreSQL JDBC Driver which could allow attacker to inject SQL if using PreferQueryMode=SIMPLE. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks.
Successful exploitation of this vulnerability may allow the attacker to take control of the affected system.
Atlassian has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.
A digest of Tanzania Computer Emergency Response Team coverage of cyber-security news across the globe.