CVE-2022-26138: Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
First published: Wed Jul 20 2022(Updated: )
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
Credit: security@atlassian.com security@atlassian.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atlassian Questions For Confluence | =2.7.34 | |
| Atlassian Questions For Confluence | =2.7.35 | |
| Atlassian Questions For Confluence | =3.0.2 | |
| Atlassian Confluence Data Center | ||
| Atlassian Confluence Server | ||
| Atlassian Confluence | ||
| All of | ||
| Any of | ||
| Atlassian Questions For Confluence | =2.7.34 | |
| Atlassian Questions For Confluence | =2.7.35 | |
| Atlassian Questions For Confluence | =3.0.2 | |
| Any of | ||
| Atlassian Confluence Data Center | ||
| Atlassian Confluence Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html
- https://jira.atlassian.com/browse/CONFSERVER-79483
- https://www.theregister.com/2024/09/05/uncle_sam_charges_russian_gru/
- https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html;
- https://nvd.nist.gov/vuln/detail/CVE-2022-26138
Frequently Asked Questions
What is CVE-2022-26138?
CVE-2022-26138 is a vulnerability in the Atlassian Questions For Confluence app that allows remote, unauthenticated attackers to exploit hard-coded credentials.
What is the severity of CVE-2022-26138?
CVE-2022-26138 has a severity rating of 9.8 (critical).
Which software versions are affected by CVE-2022-26138?
CVE-2022-26138 affects Atlassian Questions For Confluence versions 2.7.34, 2.7.35, and 3.0.2.
How can remote, unauthenticated attackers exploit CVE-2022-26138?
Remote, unauthenticated attackers with knowledge of the hardcoded password can exploit CVE-2022-26138.
Are Atlassian Confluence Data Center and Atlassian Confluence Server affected by CVE-2022-26138?
No, Atlassian Confluence Data Center and Atlassian Confluence Server are not affected by CVE-2022-26138.
- collector/nvd-index
- agent/type
- agent/description
- agent/remedy
- agent/title
- agent/severity
- agent/weakness
- collector/the-register
- source/The Register
- alias/CVE-2021-33044
- alias/CVE-2021-33045
- alias/CVE-2022-26134
- alias/CVE-2022-26138
- alias/CVE-2022-3236
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/tags
- agent/trending
- agent/source
- vendor/atlassian
- canonical/atlassian questions for confluence
- version/atlassian questions for confluence/2.7.34
- version/atlassian questions for confluence/2.7.35
- version/atlassian questions for confluence/3.0.2
- canonical/atlassian confluence data center
- canonical/atlassian confluence server
- canonical/atlassian confluence