
Fixes issued for several Atlassian flaws


More than 24 security issues impacting various Atlassian products have been resolved as part of a new round of patches, The Hacker News reports.

The most serious of the addressed vulnerabilities is a critical-severity SQL injection flaw impacting some versions of Bamboo Data Center and Server, tracked as CVE-2024-1597, which could be exploited to facilitate asset exposure, according to Atlassian. "SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default query mode. Users that do not override the query mode are not impacted," the maintainers said. Moreover, other Atlassian Bamboo and Data Center offerings without PreferQueryMode=SIMPLE in their SQL database connection settings are also not affected by the flaw, which was identified and reported by Paul Gerste, a security researcher at SonarSource.
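Since exposure depends on both conditions in the maintainers' statement, a deployment can be audited for them. The following is an added example, not code from Atlassian or the driver maintainers: it flags a data source whose JDBC URL or properties file sets `preferQueryMode=simple`, then lists SQL statements that put a minus sign directly before a `?` placeholder. The function names, sample URLs, properties and queries are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

PROP_LINE = re.compile(r"^\s*([\w.]+)\s*[=:]\s*(\S+)\s*$")
NEGATED_PARAM = re.compile(r"-\s*\?")  # minus sign directly before a "?" placeholder


def query_modes(jdbc_url, properties_text=""):
    """Collect every preferQueryMode value set in a JDBC URL or a properties file."""
    pairs = parse_qsl(jdbc_url.partition("?")[2], keep_blank_values=True)
    for line in properties_text.splitlines():
        match = PROP_LINE.match(line)
        if match:
            pairs.append(match.groups())
    # Case-insensitive on purpose: the article writes the setting in two casings.
    return [value.lower() for key, value in pairs if key.lower() == "preferquerymode"]


def audit(jdbc_url, properties_text="", sql_statements=()):
    """Return findings for one data source; empty means simple mode is not configured."""
    if "simple" not in query_modes(jdbc_url, properties_text):
        return []
    findings = ["preferQueryMode=simple is set (non-default)"]
    for sql in sql_statements:
        if NEGATED_PARAM.search(sql):
            # Conservative: also matches subtraction such as "a - ?"; review by hand.
            findings.append("negated parameter: " + sql)
    return findings


# Constructed sample inputs (hosts, database names and queries are made up).
DEFAULT_URL = "jdbc:postgresql://db.example.internal:5432/bamboo?ssl=true"
SIMPLE_URL = "jdbc:postgresql://db.example.internal:5432/bamboo?ssl=true&preferQueryMode=simple"
SIMPLE_PROPS = "user = bamboo\nPreferQueryMode = SIMPLE\n"
QUERIES = [
    "SELECT id FROM builds WHERE delta = -?",
    "SELECT id FROM builds WHERE owner = ?",
]

if __name__ == "__main__":
    for label, url, props in [("default", DEFAULT_URL, ""),
                              ("url override", SIMPLE_URL, ""),
                              ("properties override", DEFAULT_URL, SIMPLE_PROPS)]:
        print(label, "->", audit(url, props, QUERIES))
```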
