5 matches found
CVE-2021-26138
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit...
Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)
Over the last few months, Atlassian Confluence has increasingly become a target for attackers. In June 2022, a critical severity OGNL Remote Code Execution vulnerability was disclosed CVE-2022-26134. More recently, CVE-2022-26138 was disclosed on social media platforms in July 2022. In...
The vulnerability of the Questions for Confluence application on the Atlassian Confluence Server and the Confluence Data Center, related to the possibility of using strictly encrypted user credentials, allows a hacker to gain full access to the Confluence software with the confluence-users group’s permissions.
The vulnerability of the Questions for Confluence application on the Atlassian Confluence Server web server and the Confluence Data Center is related to the possibility of using strictly encrypted user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, t...
Atlassian Releases Security Advisory for Questions for Confluence App, CVE-2022-26138
Atlassian has released a security advisory to address a vulnerability CVE-2022-26138 affecting Questions for Confluence App. An attacker could exploit this vulnerability to obtain sensitive information. Atlassian reports that the vulnerability is likely to be exploited in the wild. CISA encourage...
Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enable...