www.itnews.com.au
203.176.102.69
Public Scan
URL:
https://www.itnews.com.au/news/atlassians-bamboo-has-critical-sql-injection-vulnerability-606264
Submission: On March 21 via api from TR — Scanned from AU
Form analysis
1 form found in the DOM
POST /news/atlassians-bamboo-has-critical-sql-injection-vulnerability-606264
<form id="frm-login" action="/news/atlassians-bamboo-has-critical-sql-injection-vulnerability-606264" method="post">
<h3 class="section-header"><span>Log In</span></h3>
<div id="login-form-register"><a href="/register">Don't have an account? Register now!</a></div>
<div id="login-validation"></div>
<div id="login-response"></div>
<div class="form-label email-login">Email:</div>
<div class="form-input"><input id="username" name="username" type="text" required=""></div>
<div class="form-label password-login">Password:</div>
<div class="form-input"><input id="password" name="password" type="password" required=""></div>
<div class="row form-checkbox">
<input id="rememberMe" name="rememberMe" type="checkbox"><label for="rememberMe">Remember me</label><span> | <a href="/forgot" title="Forgot your password?">Forgot your password?</a></span>
</div>
</form>
Text Content
ATLASSIAN'S BAMBOO HAS CRITICAL SQL INJECTION VULNERABILITY

By Richard Chirgwin
Mar 20 2024 8:35AM

PLUS 24 HIGH-SEVERITY PATCHES.

Atlassian’s monthly security roll-up includes a patch for a critical SQL injection vulnerability in its Bamboo data centre and server products.

The critical vulnerability is CVE-2024-1597, in the PostgreSQL JDBC driver. It only affects PostgreSQL if PreferQueryMode is set to “simple”, which is not the configuration Atlassian uses.

Bamboo data centre and server also inherit CVE-2024-21634, a denial-of-service bug in Amazon’s Ion, a Java implementation of the Ion data notation.

The bugs affect all versions of Bamboo data centre and server prior to 8.2.0, and are fixed in 9.6.0 or 9.5.2 (for data centre), 9.4.4, and 9.2.12 (LTS).

CVE-2024-21634 also affects Atlassian’s Bitbucket data centre and server, which has also been patched against the bug.

Meanwhile, Confluence data centre and server have also been patched against CVE-2024-1597, as well as CVE-2023-36478 (a denial-of-service bug).

The rest of the bugs covered in Atlassian's advisory are high-severity bugs in Jira.

Most are denial-of-service vulnerabilities, but there are three remote code execution bugs: CVE-2022-34169, an integer truncation bug in the Apache Xalan Java XSLT library; and a pair of bugs in Batik, part of Apache XML Graphics – CVE-2022-42890 and CVE-2022-41704.

Tags: apache, atlassian, security