SB2022072509 - Hard-coded credentials in Questions For Confluence app for Confluence Server and Data Center

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022072509

SB2022072509 - Hard-coded credentials in Questions For Confluence app for Confluence Server and Data Center

Published: July 25, 2022 Updated: September 25, 2022

Security Bulletin ID SB2022072509
Severity
Critical
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Embedded malicious code (backdoor) (CVE-ID: CVE-2022-26138)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of a hardcoded disabledsystemuser account after installing the affected version of Questions for Confluence app. A remote attacker can login to the Confluence Server or Confluence Data Center instance using the hardcoded credentials and compromise the instance.

Note, the account is not removed from the system after app removal. Therefore, if the affected version of Questions for Confluence app was previously installed and later removed, the backdoor account remains active on the system.

There is a high chance the vulnerability is being actively exploited in the wild due to public vulnerability disclosure.


Remediation

Install update from vendor's website.

References