CVE-2022-26138CISA KEV: Actively Exploited

Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability

Published Jul 29, 2022·Updated Jul 29, 2022

Description

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.

Public Exploits & PoCs4 found

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free