{"vulnerability": "CVE-2024-1597", "sightings": [{"uuid": "a9686b36-1632-40c7-8f21-da063bcc2c2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/kasperskyb2b/1191", "content": "\ud83e\ude79\ud83e\ude79 Two Patch Tuesdays for the price of one: updating Chrome, Firefox, Bamboo, Bitbucket, Confluence and Jira \n\nTuesday turned out to be rich in important patches.\nChrome and Firefox were updated at the same time, but the vulnerabilities fixed are different. Chrome closes 12 holes, but only one is critical. Firefox also fixes 12 defects, but only 4 vulnerabilities were rated \"high\" severity. \nJudging by the bulletins, none of the vulnerabilities was exploited as a zero-day.\n\nThe Atlassian bulletin describes 25 fixed vulnerabilities in its products.\nThe scariest-looking one, CVE-2024-1597 (CVSS 10) in Bamboo Data Center & Server, is a defect in the PostgreSQL component which, according to the developers' assurances, cannot be exploited in the Atlassian product. Let's take their word for it and focus on the next vulnerability: a path traversal in Confluence Data Center (CVE-2024-21677, CVSS 8.3). The vulnerability is described in the bulletin in strictly formal terms, but reading between the lines, an unauthenticated attacker can write to system folders. \n\nIn total, 20 high-severity vulnerabilities were fixed in Jira Software Data Center and Server, including 3 RCE, 16 DoS and 1 SSRF. \n\nA significant number of other defects (all in third-party components) lead to denial of service for users of Bitbucket Data Center and Server and Bamboo Data Center and Server. \n\nJudging by Atlassian's data, the vulnerabilities have not been exploited in real attacks. \n\n#\u043d\u043e\u0432\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2024-03-21T07:08:50.000000Z"},
{"uuid": "7e2d38cd-ba96-4eef-8674-7a33af784979", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "Telegram/aJq-mWp0WDy_vP8-XiLC6bRSdrXs_XkVzGpvRnEihFOPb1U", "content": "", "creation_timestamp": "2024-03-21T04:49:53.000000Z"},
{"uuid": "48079cbb-2a92-4133-a3f1-098920bedb7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18199", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1597\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. 
Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.\n\ud83d\udccf Published: 2024-02-19T12:58:48.620Z\n\ud83d\udccf Modified: 2025-06-12T15:37:51.979Z\n\ud83d\udd17 References:\n1. https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56\n2. https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/\n3. https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/\n4. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/\n5. https://security.netapp.com/advisory/ntap-20240419-0008/\n6. http://www.openwall.com/lists/oss-security/2024/04/02/6\n7. https://lists.debian.org/debian-lts-announce/2024/05/msg00007.html", "creation_timestamp": "2025-06-12T16:34:43.000000Z"}, {"uuid": "a60da28a-5f7e-4a5f-88e8-2b23cbd38d15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/arpsyndicate/4384", "content": "#ExploitObserverAlert\n\nCVE-2024-1597\n\nDESCRIPTION: Exploit Observer has 230 entries in 6 file formats related to CVE-2024-1597. pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. 
Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.\n\nFIRST-EPSS: 0.000450000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-04-07T22:19:57.000000Z"}, {"uuid": "26891ebd-00f0-43c2-b7b3-48151c3cf8a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/4280", "content": "The Hacker News\nAtlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug\n\nAtlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction.\nTracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity.\nDescribed as an SQL injection flaw, it's rooted in a dependency called org.postgresql:", "creation_timestamp": "2024-03-21T07:23:17.000000Z"}, {"uuid": "6bc40c40-110b-4564-94d8-99809230d3f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "Telegram/CtejcRG9RyUpwr_NliAiHklmWbUtnickKfxBAPklWPYvUA", "content": "", "creation_timestamp": "2024-03-21T07:23:16.000000Z"}, {"uuid": "c8ee31aa-7fa0-4a55-9452-28e5e02983a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "Telegram/TyXm8HHDod4RlBAzLhdCqUgyZCWNJXsRY5nFq-Fe7tm2hmM", "content": "", "creation_timestamp": "2024-03-21T06:12:39.000000Z"}, {"uuid": "b0a71302-7159-4d26-b130-3939f0eb8429", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": 
"https://t.me/arpsyndicate/3658", "content": "#ExploitObserverAlert\n\nCVE-2024-1597\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-1597. pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.", "creation_timestamp": "2024-02-20T18:26:24.000000Z"}, {"uuid": "77783d11-71c6-4c9b-8043-473ce3a0001d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/arpsyndicate/4913", "content": "#ExploitObserverAlert\n\nCVE-2024-1597\n\nDESCRIPTION: Exploit Observer has 240 entries in 7 file formats related to CVE-2024-1597. pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query,bypassing the protections that parameterized queries bring against SQL Injection attacks. 
Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.\n\nFIRST-EPSS: 0.000990000\nNVD-IS: 5.9\nNVD-ES: 3.9\nARPS-PRIORITY: 0.7555719", "creation_timestamp": "2024-05-02T22:54:39.000000Z"}, {"uuid": "db369962-0b65-4f2a-baf8-a4f972ab9d69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "published-proof-of-concept", "source": "Telegram/2aNSgVlvOxaBcrntNhQaacIB_r5L4KAMiY46OTBPwRqHEA", "content": "", "creation_timestamp": "2024-03-21T06:38:21.000000Z"}, {"uuid": "8768a710-568a-4962-9523-b69c7efbdcf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/tengkorakcybercrewz/742", "content": "The Hacker News\nAtlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug\n\nAtlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction.\nTracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity.\nDescribed as an SQL injection flaw, it's rooted in a dependency called org.postgresql:", "creation_timestamp": "2024-03-21T07:23:17.000000Z"}, {"uuid": "f55937fb-e5b4-4f9f-981e-55d7781013b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/KomunitiSiber/1663", "content": "Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug\nhttps://thehackernews.com/2024/03/atlassian-releases-fixes-for-over-2.html\n\nAtlassian has released patches for\u00a0more than two dozen security flaws, including a critical bug impacting Bamboo Data Center 
and Server that could be exploited without requiring user interaction.\nTracked as\u00a0CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity.\nDescribed as an SQL injection flaw, it's rooted in a dependency called org.postgresql:", "creation_timestamp": "2024-03-21T05:10:53.000000Z"},
{"uuid": "c78c3469-5164-4df2-b516-034478c5cefd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/true_secator/5877", "content": "IntelBroker continues to treacherously destroy the reputation of many well-known vendors and suppliers. \n\nNext in line was T-Mobile, which, however, is no stranger to news of this kind.\n\nAccording to the hacker, the telecommunications company was breached in June 2024, as a result of which source code and various confidential data were stolen from it.\n\nAs proof, IntelBroker presented several screenshots demonstrating administrator-level access to a Confluence server and the company's internal Slack channels for developers.\n\nNevertheless, T-Mobile, true to form, has already rushed to shift responsibility for the incident onto a third-party supplier, denying any breach or theft of source code.\n\nThe company believes that the data shared by IntelBroker are in fact old screenshots of T-Mobile infrastructure hosted on the servers of a third-party supplier, from where they were stolen.\n\nIts name is not being disclosed until the alleged breach is confirmed.\n\nJudging by the screenshots, IntelBroker may have gained access to a Jira instance.\n\nIt is still unclear how the provider was breached, but one of the leaked images shows a search for critical holes, including CVE-2024-1597, rated 9.8 out of 10, in Confluence.\n\nWhether the third-party supplier was breached using this particular vulnerability or some other one will be established by the investigation, and we, as they say, will wait and see.", "creation_timestamp": "2024-06-20T12:45:40.000000Z"},
{"uuid": "2255ba1f-999b-46a4-9dc8-146eae4102a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/ctinow/187684", "content": "https://ift.tt/NFivc8P\nCVE-2024-1597", "creation_timestamp": "2024-02-19T14:21:46.000000Z"},
{"uuid": "a2c2bd68-4057-49dd-a456-1f4d152fcb83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/ctinow/187681", "content": "https://ift.tt/NFivc8P\nCVE-2024-1597", "creation_timestamp": "2024-02-19T14:21:43.000000Z"},
{"uuid": "a34d5889-5ae0-4316-b974-922cd89a8dfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/true_secator/5549", "content": "Atlassian is releasing fixes for two dozen vulnerabilities in Bamboo, Bitbucket, Confluence and Jira, including a critical issue in Bamboo Data Center and Server that could be exploited without user interaction.\n\nThe vulnerability is tracked as CVE-2024-1597 and has a CVSS score of 10.\n\nIt is described as an SQL injection issue and affects the third-party dependency org.postgresql:postgresql for Bamboo Data Center and Server.\n\nAccording to Atlassian, the bug could allow an unauthenticated attacker to expose assets in the environment that could be used for exploitation, which has a high impact on confidentiality, integrity and availability.\n\nThe vulnerability affects Bamboo Data Center and Server versions 8.2.1, 9.0.0, 9.1.0, 9.2.1, 9.3.0, 9.4.0 and 9.5.0 and was fixed with the release of 9.6.0 (LTS), 9.5.2, 9.4.4 and 9.2.12 (LTS), which also fix a serious bug leading to DoS.\n\nTracked as CVE-2024-21634 (CVSS score 7.5) and affecting a third-party component, the DoS vulnerability was also fixed in Bitbucket Data Center and Server.\n\nAtlassian also announced fixes for a serious path traversal bug in Confluence Data Center and Server and a DoS bug in a third-party dependency of the product. Confluence versions 8.8.1, 8.5.7 LTS and 7.19.20 LTS fix both issues.\n\nThe Jira Software Data Center and Server security updates close 20 high-severity vulnerabilities, including 16 leading to DoS, 3 to RCE and 1 to SSRF.\n\nThe security defects, which affect various third-party dependencies and can be exploited without authentication, were fixed in Jira Software Data Center and Server 9.14.1, 9.14.0, 9.12.5 LTS and 9.4.18 LTS.\n\nUsers are advised to update their instances to the latest version, even though there are no reports so far of the issues being exploited in the wild.", "creation_timestamp": "2024-03-21T15:35:05.000000Z"},
{"uuid": "53cad7ff-28a2-4918-8768-6dc7c7b135b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/ctinow/190682", "content": "https://ift.tt/IvxEKs0\nCVE-2024-1597 | PostgreSQL pgjdbc up to 42.7.1 Simple Query Mode sql injection (GHSA-24rp-q3w6-vc56)", "creation_timestamp": "2024-02-22T12:46:47.000000Z"},
{"uuid": "a47a3487-de50-4826-9c02-4e3043ee8194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1597", "type": "seen", "source": "https://t.me/thehackernews/4708", "content": "\ud83d\udea8 Atlassian patched over 25 security issues, including a critical SQL injection bug (CVE-2024-1597) in Bamboo Data Center & Server. \n \nDetails: https://thehackernews.com/2024/03/atlassian-releases-fixes-for-over-2.html \n \nRated 10.0 CVSS score, this flaw requires no user interaction to exploit. Update now to safeguard your systems.", "creation_timestamp": "2024-03-21T04:40:11.000000Z"}]}