Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-26138

UNKNOWN
Published 2022-07-20T17:25:26.913Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-26138. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

Available Exploits

Atlassian Questions For Confluence - Hardcoded Credentials

Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.

ID: CVE-2022-26138
Author: HTTPVoid Critical

References:

Related News

No news articles found for this CVE.

Affected Products

Atlassian

Questions For Confluence

Affected Versions:

2.7.34 2.7.35 3.0.2

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

August 19, 2022

Added to KEV

July 29, 2022

Required Action

Apply updates per vendor instructions.

Affected Product

Vendor/Project: Atlassian
Product: Confluence

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.01.24 Released: January 24, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed CRITICAL

GHSA-23xf-wg9r-49fr

Advisory Details

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-26138
WEB https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html
WEB https://jira.atlassian.com/browse/CONFSERVER-79483

Advisory provided by GitHub Security Advisory Database. Published: July 21, 2022, Modified: August 5, 2022

References

https://jira.atlassian.com/browse/CONFSERVER-79483
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html
Published: 2022-07-20T17:25:26.913Z
Last Modified: 2025-01-28T21:48:56.674Z
Copied to clipboard!