Connect with us

Hi, what are you looking for?



Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server

Atlassian releases patches for two dozen vulnerabilities, including a critical-severity bug in Bamboo Data Center and Server.

Atlassian on Tuesday announced patches for two dozen vulnerabilities in Bamboo, Bitbucket, Confluence, and Jira products, including a critical-severity bug that could be exploited without user interaction.

Tracked as CVE-2024-1597 (CVSS score of 10) and described as an SQL injection issue, the critical-severity flaw impacts the org.postgresql:postgresql third-party dependency of Bamboo Data Center and Server.

According to Atlassian, the issue “could allow an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction”.

The vulnerability affects Bamboo Data Center and Server versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0, and 9.5.0, and was addressed with the release of versions 9.6.0 (LTS), 9.5.2, 9.4.4, and 9.2.12 (LTS), which also address a high-severity flaw leading to denial-of-service (DoS).

Tracked as CVE-2024-21634 (CVSS Score of 7.5) and impacting a third-party component, the DoS vulnerability was also patched in Bitbucket Data Center and Server.

On Tuesday, Atlassian also announced patches for a high-severity path traversal in Confluence Data Center and Server and a high-severity DoS bug in a third-party dependency of the product. Confluence versions 8.8.1, 8.5.7 LTS, and 7.19.20 LTS resolve both issues.

Jira Software Data Center and Server security updates released on Tuesday address 20 high-severity vulnerabilities, including 16 leading to DoS, three leading to remote code execution (RCE), and one server-side request forgery (SSRF) bug.

Impacting various third-party dependencies and exploitable without authentication, the security defects were patched in Jira Software Data Center and Server versions 9.14.1, 9.14.0, 9.12.5 LTS, and 9.4.18 LTS.

Advertisement. Scroll to continue reading.

Users are advised to update their instances to the latest version of the affected products. Atlassian makes no mention of any of these vulnerabilities being exploited in the wild.

Additional information can be found in Atlassian’s March 2024 security bulletin.

Related: Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances

Related: Atlassian Patches Critical Remote Code Execution Vulnerabilities

Related: Atlassian Issues Second Warning on Potential Exploitation of Critical Confluence Flaw

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights