vulnerability
Atlassian Confluence: Use of Hard-coded Credentials (CVE-2022-26138)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:N) | 2022-07-20 | 2022-07-28 | 2024-09-18 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published
2022-07-20
Added
2022-07-28
Modified
2024-09-18
Description
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
Solution(s)
atlassian-confluence-upgrade-7_13_6atlassian-confluence-upgrade-7_14_3atlassian-confluence-upgrade-7_15_2atlassian-confluence-upgrade-7_16_4atlassian-confluence-upgrade-7_17_2atlassian-confluence-upgrade-7_4_17
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.