Atlassian Questions For Confluence vulnerabilities
3 known vulnerabilities affecting atlassian/questions_for_confluence.
Total CVEs: 3
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2022-26138 | CRITICAL | CVSS 9.8 | CWE-798 | KEV | PoC | v2.7.34, v2.7.35 +1 more | 2022-07-20
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content
cvelistv5, nvd
CVE-2018-13393 | MEDIUM | CVSS 6.5 | CWE-352 | fixed in 2.6.6 | 2018-08-15
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to modify a comment into an answer via a cross-site request forgery (CSRF) vulnerability.
nvd
CVE-2018-13394 | MEDIUM | CVSS 6.5 | CWE-352 | fixed in 2.6.6 | 2018-08-15
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6 (the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0) allows remote attackers to modify a comment into an answer via a cross-site request forgery (CSRF) vulnerability.
nvd