
Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug

Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction.

Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity.

Described as an SQL injection flaw, it is rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it “presents a lower assessed risk” despite the criticality.


“This org.postgresql:postgresql dependency vulnerability […] could allow an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction,” Atlassian said.

According to a description of the flaw in NIST’s National Vulnerability Database (NVD), “pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE.” The driver versions prior to those listed below are impacted –

  • 42.7.2
  • 42.6.1
  • 42.5.5
  • 42.4.4
  • 42.3.9, and
  • 42.2.28 (also fixed in 42.2.28.jre7)

“SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value,” the maintainers said in an advisory last month.

“There is no vulnerability in the driver when using the default query mode. Users that do not override the query mode are not impacted.”


The Atlassian vulnerability is said to have been introduced in the following versions of Bamboo Data Center and Server –

  • 8.2.1
  • 9.0.0
  • 9.1.0
  • 9.2.1
  • 9.3.0
  • 9.4.0, and
  • 9.5.0

The company also emphasized that Bamboo and other Atlassian Data Center products are unaffected by CVE-2024-1597 as they do not use PreferQueryMode=SIMPLE in their SQL database connection settings.

SonarSource security researcher Paul Gerste has been credited with discovering and reporting the flaw. Users are advised to update their instances to the latest version to protect against any potential threats.
