CVE-2022-26138 - Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
Atlassian | Confluence
- Date Added:
- 2022-07-29
- Due Date:
- 2022-08-19
- Vulnerability Name
Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability
- Description
Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply updates per vendor instructions.
- Additional Notes
- https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html; https://nvd.nist.gov/vuln/detail/CVE-2022-26138
Free online web security scanner