Vulnerability Details CVE-2022-26138
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.942
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.
Ransomware Campaign
Unknown
References
Products affected by CVE-2022-26138
-
cpe:2.3:a:atlassian:confluence_data_center:-
-
cpe:2.3:a:atlassian:confluence_server:-
-
cpe:2.3:a:atlassian:questions_for_confluence:2.7.34
-
cpe:2.3:a:atlassian:questions_for_confluence:2.7.35
-
cpe:2.3:a:atlassian:questions_for_confluence:3.0.2