Actively exploited vulnerability

CVE-2022-26138: Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.

CISA KEV source 29 Jul 2022 added 19 Aug 2022 remediation due

Affected product

Atlassian · Confluence

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2022-26138.

Bleeping Computer30 Jul 2022

CISA warns of critical Confluence bug exploited in attacks

CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. [...]