CVE-2022-26138

NVD Published Date: July 20, 2022 at 06:15 PM
NVD Last Modified: August 04, 2022 at 02:13 PM
Vulnerability ID: CVE-2022-26138
Severity: CRITICAL
Severity Score: 9.8
Summary: The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID: CWE-798
