- 95/2024
- Critical
Atlassian has released security updates to address several vulnerabilities across multiple products and third-party components included in Atlassian products.
The addressed vulnerabilities could allow the attacker to manipulate data, view, add, modify, or delete information in the back-end database, obtain sensitive information, perform denial of service attacks, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. PostgreSQL JDBC Driver (PgJDBC) SQL Injection (CVE-2024-1597):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Data Manipulation
2. Atlassian Confluence Data Center and Server Path Traversal Vulnerability (CVE-2024-21677):
- CVSS: 8.3
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Affected Products:
- Confluence Data Center and Server.
- Jira Software Data Center and Server.
- Bamboo Data Center and Server.
- Bitbucket Data Center and Server.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.