⚠ Actively exploited
Added to CISA KEV on 2022-07-29. Federal agencies required to patch by 2022-08-19. Required action: Apply updates per vendor instructions..
CVE-2022-26138 — Hard-coded Credentials in Atlassian Questions FOR Confluence
Severity
9.8CRITICALNVD
EPSS
94.3%
top 0.05%
CISA KEV
KEV
Added 2022-07-29
Due 2022-08-19
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedJul 20
KEV addedJul 29
Latest updateAug 17
KEV dueAug 19
CISA Required Action: Apply updates per vendor instructions.
Description
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages2 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-23xf-wg9r-49fr: The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with↗2022-07-21
CVEList▶
CVE-2022-26138: The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with↗2022-07-20
💥Exploits & PoCs
1Nuclei▶
Atlassian Questions For Confluence - Hardcoded Credentials