Atlassian has announced patches for two dozen vulnerabilities across its Bamboo, Bitbucket, Confluence, and Jira products, including a critical-severity SQL injection flaw (CVE-2024-1597) affecting Bamboo Data Center and Server. This vulnerability, with a CVSS score of 10, could allow an unauthenticated attacker to expose assets that are susceptible to exploitation, and it requires no user interaction. Additionally, a high-severity denial-of-service (DoS) flaw (CVE-2024-21634) affecting Bitbucket Data Center and Server has been patched. Confluence Data Center and Server received patches for a high-severity path traversal vulnerability and a high-severity DoS bug, while Jira Software Data Center and Server saw updates addressing 20 high-severity vulnerabilities, including those leading to DoS, remote code execution (RCE), and server-side request forgery (SSRF). Users are urged to update their instances to the latest versions, although Atlassian has not reported any exploitation of these vulnerabilities in the wild.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.