
Multiple Vulnerabilities in Atlassian Products


Fleury, Terry

Mar 21, 2024, 11:48:18 AM
to cv-an...@trustedci.org

CI Operators:

Atlassian has announced updates to address 1 critical severity issue and 24 high severity issues across various products [1], including Bamboo Data Center and Server, Bitbucket Data Center and Server, Confluence Data Center and Server, and Jira Software Data Center and Server. 

 

Impact:

The 1 critical severity issue (CVE-2024-1597 [2]) affects Bamboo Data Center and Server and has a CVSSv3 score of 10.0. The issue is an SQL injection vulnerability in the PostgreSQL JDBC driver that applies when the non-default connection property "preferQueryMode=simple" is used. However, Atlassian products do not use this connection property, so the criticality is reduced.

 

The other 24 high severity issues deal primarily with path traversal, denial of service (DoS), and remote code execution (RCE) vulnerabilities across the Atlassian suite of products. 

 

Affected Software

  • Bamboo Data Center and Server
  • Bitbucket Data Center and Server
  • Confluence Data Center and Server
  • Jira Software Data Center and Server

 

Recommendation:

Download the latest version of software for your product. See the Security Bulletin [1] for any potential mitigations.

 

References:

[1] https://confluence.atlassian.com/security/security-bulletin-march-19-2024-1369444862.html

[2] https://nvd.nist.gov/vuln/detail/CVE-2024-1597 

 

How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (https://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.
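
A check for the condition named under Impact, added here as an example and not part of the original advisory or of any Atlassian or Trusted CI tooling: it scans configuration text for PostgreSQL JDBC URLs that set preferQueryMode=simple. The function name and the sample configuration lines are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl

# A PostgreSQL JDBC URL, read up to whitespace, a quote or an angle bracket.
JDBC_URL = re.compile(r"jdbc:postgresql:[^\s\"'<>]+")


def find_simple_query_mode(config_text):
    """Return (line_number, url) for every JDBC URL setting preferQueryMode=simple."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        # XML files write '&' as '&amp;'; undo that so parameters split correctly.
        for match in JDBC_URL.finditer(html.unescape(line)):
            url = match.group(0)
            _, _, query = url.partition("?")
            # parse_qsl percent-decodes names and values; every occurrence is
            # checked because a parameter can be repeated in one URL.
            # The value is compared case-insensitively to err towards flagging.
            if any(
                name == "preferQueryMode" and value.strip().lower() == "simple"
                for name, value in parse_qsl(query, keep_blank_values=True)
            ):
                findings.append((lineno, url))
    return findings


# Constructed sample input: host names, database names and keys are made up.
SAMPLE_CONFIG = """\
<property name="hibernate.connection.url">jdbc:postgresql://db.example.org:5432/bamboo?ssl=true&amp;preferQueryMode=simple</property>
db.url=jdbc:postgresql://db.example.org/jira?preferQueryMode=extended
db.url=jdbc:postgresql://db.example.org/wiki
db.url=jdbc:postgresql://db.example.org/ci?preferQueryMode=%73imple
"""

if __name__ == "__main__":
    for lineno, url in find_simple_query_mode(SAMPLE_CONFIG):
        print(f"line {lineno}: {url}")
```

The check only sees the property when it is part of a connection URL; a deployment that passes connection properties to the driver by another route needs those settings reviewed separately.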

 
