Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 2024/09/06 12:0 a.m.20 views

CVE-2021-26138

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit...

7.8AI score
In wildExploits0References2
Qualys Blog
Qualys Blog
added 2022/08/17 10:12 a.m.381 views

Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)

Over the last few months, Atlassian Confluence has increasingly become a target for attackers. In June 2022, a critical severity OGNL Remote Code Execution vulnerability was disclosed CVE-2022-26134. More recently, CVE-2022-26138 was disclosed on social media platforms in July 2022. In...

7.5CVSS10AI score0.99999EPSS
Exploits76
BDU FSTEC
BDU FSTEC
added 2022/07/25 12:0 a.m.5 views

The vulnerability of the Questions for Confluence application on the Atlassian Confluence Server and the Confluence Data Center, related to the possibility of using strictly encrypted user credentials, allows a hacker to gain full access to the Confluence software with the confluence-users group’s permissions.

The vulnerability of the Questions for Confluence application on the Atlassian Confluence Server web server and the Confluence Data Center is related to the possibility of using strictly encrypted user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, t...

9CVSS8.1AI score0.9817EPSS
Exploits1References6Affected Software3
CISA
CISA
added 2022/07/22 12:0 a.m.47 views

Atlassian Releases Security Advisory for Questions for Confluence App, CVE-2022-26138

Atlassian has released a security advisory to address a vulnerability CVE-2022-26138 affecting Questions for Confluence App. An attacker could exploit this vulnerability to obtain sensitive information. Atlassian reports that the vulnerability is likely to be exploited in the wild. CISA encourage...

3.1AI score0.9817EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2022/07/21 8:41 a.m.225 views

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enable...

1AI score0.9817EPSS
Exploits1
Rows per page
Query Builder