Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-26138
HistoryJul 20, 2022 - 6:15 p.m.

CVE-2022-26138

2022-07-2018:15:00
CWE-798
[email protected]
web.nvd.nist.gov
680
In Wild
20
atlassian
confluence
questions
cve-2022-26138
security
vulnerability
hardcoded password

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.8%

JSON

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

Social References

More

Related

thn 3
githubexploit 2
checkpoint_advisories 1
nessus 2
cisa 1
talosblog 1
cvelist 1
attackerkb 1
atlassian 1
prion 1
cisa_kev 1
nuclei 1
qualysblog 3
hivepro 1
rapid7blog 4
avleonov 1
thn
thn
Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation
2022-07-29 03:19:00
CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks
2022-07-30 03:54:00
Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
2022-07-21 08:41:00
githubexploit
githubexploit
Exploit for Use of Hard-coded Credentials in Atlassian Questions For Confluence
2022-07-30 07:14:52
Exploit for Use of Hard-coded Credentials in Atlassian Questions For Confluence
2022-07-28 09:48:21
checkpoint_advisories
checkpoint_advisories
Atlassian Questions for Confluence App Hardcoded Credentials (CVE-2022-26138)
2022-08-08 00:00:00
nessus
nessus
Atlassian Confluence < 7.4.17 / 7.13.x < 7.13.6 / < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2 (CONFSERVER-79483)
2022-07-21 00:00:00
Questions for Confluence App Default Credentials (CVE-2022-26138)
2022-08-12 00:00:00
cisa
cisa
Atlassian Releases Security Advisory for Questions for Confluence App, CVE-2022-26138
2022-07-22 00:00:00
talosblog
talosblog
Threat Source newsletter (Aug. 4, 2022) — BlackHat 2022 preview
2022-08-04 18:00:00
cvelist
cvelist
CVE-2022-26138
2022-07-20 00:00:00
attackerkb
attackerkb
CVE-2022-26138
2022-07-20 00:00:00
atlassian
atlassian
Questions For Confluence App - Hardcoded Password
2022-07-08 17:06:14
prion
prion
Hardcoded credentials
2022-07-20 18:15:00
cisa_kev
cisa_kev
Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
2022-07-29 00:00:00
nuclei
nuclei
Atlassian Questions For Confluence - Hardcoded Credentials
2022-07-21 15:23:23
qualysblog
qualysblog
Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)
2022-08-17 10:12:53
Introducing Qualys Threat Research Thursdays
2022-09-01 21:00:00
August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.
2022-08-09 20:00:00
hivepro
hivepro
Critical Vulnerabilities in Multiple Atlassian Products being exploited-in-wild
2022-07-25 11:10:10
rapid7blog
rapid7blog
Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
2022-07-27 19:26:38
CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center
2022-09-20 15:14:26
Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite
2022-08-17 12:55:18
avleonov
avleonov
Vulnerability Management news and publications #2
2022-08-14 11:30:44

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.972 High

EPSS

Percentile

99.8%

JSON
Related for CVE-2022-26138
thn3githubexploit2checkpoint_advisories1nessus2cisa1talosblog1cvelist1attackerkb1atlassian1prion1cisa_kev1nuclei1qualysblog3hivepro1rapid7blog4avleonov1