1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability

Known Exploited Vulnerabilities CVE-2022-26138

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2022-26138 Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability exploitation_technique T1552.001 Credentials In Files
Comments
CVE-2022-26138 is a hard-coded credentials vulnerability in the "Questions for Confluence" app.
References
  1. https://x.com/cyb3rops/status/1550119301004201984
  2. https://securitytrails.com/blog/atlassian-confluence-vulnerability-remote-access-hard-coded-pass-cve-2022-26138