Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server

Atlassian has announced patches for two dozen vulnerabilities across its Bamboo, Bitbucket, Confluence, and Jira products, including a critical-severity SQL injection flaw (CVE-2024-1597) affecting Bamboo Data Center and Server. The vulnerability carries a CVSS score of 10 and could allow an unauthenticated attacker to expose assets susceptible to exploitation, with no user interaction required. Additionally, a high-severity denial-of-service (DoS) flaw (CVE-2024-21634) affecting Bitbucket Data Center and Server has been patched. Confluence Data Center and Server received patches for a high-severity path traversal vulnerability and a high-severity DoS bug, while Jira Software Data Center and Server saw updates addressing 20 high-severity vulnerabilities, including those leading to DoS, remote code execution (RCE), and server-side request forgery (SSRF). Users are urged to update their instances to the latest versions, although Atlassian has not reported any exploitation of these vulnerabilities in the wild.

Read more: https://www.securityweek.com/atlassian-patches-critical-vulnerability-in-bamboo-data-center-and-server/