Skip to main content
All vulnerabilities
CVE-2022-26138

Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability

AtlassianConfluence

Added to KEV catalog
29 July 2022
Federal remediation due date
19 August 2022
Weakness classification (CWE)
CWE-798

CISA Description

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.

Required action

Apply updates per vendor instructions.

Notes

https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html; https://nvd.nist.gov/vuln/detail/CVE-2022-26138

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services