CVE-2022-26138

Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

La aplicación Atlassian Questions For Confluence para Confluence Server y Data Center crea una cuenta de usuario de Confluence en el grupo confluence-users con el nombre de usuario disabledsystemuser y una contraseña embebida. Un atacante remoto no autenticado que conozca la contraseña embebida podría explotar esta situación para iniciar sesión en Confluence y acceder a todo el contenido accesible para usuarios del grupo confluence-users. Esta cuenta de usuario es creada cuando son instaladas las versiones 2.7.34, 2.7.35 y 3.0.2 de la aplicación

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.

*Credits: N/A

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-02-25 CVE Reserved
2022-07-20 CVE Published
2022-07-22 First Exploit
2022-07-29 Exploited in Wild
2022-08-19 KEV Due Date
2024-09-17 CVE Updated
2024-11-08 EPSS Updated

CWE

CWE-798: Use of Hard-coded Credentials

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC
https://github.com/alcaparra/CVE-2022-26138	2022-07-26
https://github.com/z92g/CVE-2022-26138	2022-07-30
https://github.com/Vulnmachines/Confluence-Question-CVE-2022-26138-	2022-07-28
https://github.com/shavchen/CVE-2022-26138	2022-07-22

URL	Date	SRC
https://jira.atlassian.com/browse/CONFSERVER-79483	2022-08-04

URL	Date	SRC
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html	2022-08-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Atlassian Search vendor "Atlassian"	Questions For Confluence Search vendor "Atlassian" for product "Questions For Confluence"	2.7.34 Search vendor "Atlassian" for product "Questions For Confluence" and version "2.7.34"	-	Affected	in	Atlassian Search vendor "Atlassian"	Confluence Data Center Search vendor "Atlassian" for product "Confluence Data Center"	-	-	Safe
Atlassian Search vendor "Atlassian"	Questions For Confluence Search vendor "Atlassian" for product "Questions For Confluence"	2.7.34 Search vendor "Atlassian" for product "Questions For Confluence" and version "2.7.34"	-	Affected	in	Atlassian Search vendor "Atlassian"	Confluence Server Search vendor "Atlassian" for product "Confluence Server"	-	-	Safe
Atlassian Search vendor "Atlassian"	Questions For Confluence Search vendor "Atlassian" for product "Questions For Confluence"	2.7.35 Search vendor "Atlassian" for product "Questions For Confluence" and version "2.7.35"	-	Affected	in	Atlassian Search vendor "Atlassian"	Confluence Data Center Search vendor "Atlassian" for product "Confluence Data Center"	-	-	Safe
Atlassian Search vendor "Atlassian"	Questions For Confluence Search vendor "Atlassian" for product "Questions For Confluence"	2.7.35 Search vendor "Atlassian" for product "Questions For Confluence" and version "2.7.35"	-	Affected	in	Atlassian Search vendor "Atlassian"	Confluence Server Search vendor "Atlassian" for product "Confluence Server"	-	-	Safe
Atlassian Search vendor "Atlassian"	Questions For Confluence Search vendor "Atlassian" for product "Questions For Confluence"	3.0.2 Search vendor "Atlassian" for product "Questions For Confluence" and version "3.0.2"	-	Affected	in	Atlassian Search vendor "Atlassian"	Confluence Data Center Search vendor "Atlassian" for product "Confluence Data Center"	-	-	Safe
Atlassian Search vendor "Atlassian"	Questions For Confluence Search vendor "Atlassian" for product "Questions For Confluence"	3.0.2 Search vendor "Atlassian" for product "Questions For Confluence" and version "3.0.2"	-	Affected	in	Atlassian Search vendor "Atlassian"	Confluence Server Search vendor "Atlassian" for product "Confluence Server"	-	-	Safe