CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2022-26138

CVSS 9.8v3.1pub. 2022-07-20upd. 2026-01-14

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Atlassian Confluence Data Center

    APP
    Atlassian
    wszystkie wersje
  • Atlassian Confluence Server

    APP
    Atlassian
    wszystkie wersje
  • Atlassian Questions For Confluence

    APP
    Atlassian
    2.7.342.7.353.0.2

CISA KEV — detailsi

Vendori
Atlassian
Producti
Confluence
Added to KEVi
July 29, 2022
Remediation deadline (US Federal)i
August 19, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 19 sierpnia 2022
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2023-22527CRITICAL9.8⚠ KEVPL ✓ten sam produkt

RCE via template injection w Atlassian Confluence Data Center i Server

CVE-2023-22518CRITICAL9.8⚠ KEVten sam produkt

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Imprope...

CVE-2023-22515CRITICAL9.8⚠ KEVten sam produkt

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have...

CVE-2022-26134CRITICAL9.8⚠ KEVten sam produkt

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would a...

CVE-2021-26084CRITICAL9.8⚠ KEVten sam produkt

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would a...