CVE-2022-26138

Description from NVD

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

Information Acquisition Date: 2022-08-04T14:54Z
CVSS 2.0: 0.0 None
CVSS 3.x: 9.8 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD References

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html
    source: MISC
    tags: Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-79483
    source: MISC
    tags: Issue Tracking, Patch, Vendor Advisory

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Information: mitre, NVD, vulmon.com, CVE Details, JVN (ENG, JPN)
Exploits or more Information: EXPLOIT DATABASE, 0day.today, github, Twitter, Reconshell

List of frequently cited URLs

URL    Num of Times Referred to
https://cvetrends.com    55
https://lists.astaro.com/ASGV9-IPS-rules.html#0    36
https://us-cert.cisa.gov/ncas/current-activity/2022/07/22/a...    11
https://thehackernews.com/2022/07/atlassian-releases-patch-...    9
https://cybersec.vulcan.io/s/how-to-fix-cve-2022-26138-in-a...    8
https://confluence.atlassian.com/doc/questions-for-confluen...    6
https://github.com/z92g/CVE-2022-26138    4
https://blog.qualys.com/vulnerabilities-threat-research/202...    4
https://twitter.com/fluepke/status/1549892089181257729    3
https://www.cve.org/CVERecord?id=CVE-2022-26138    3
https://www.cisa.gov/uscert/ncas/current-activity/2022/07/2...    3
https://www.rapid7.com/blog/post/2022/07/27/active-exploita...    3
https://tweetedtimes.com/infowaropcenter?s=tnp    3
https://securityaffairs.co/wordpress/133798/hacking/atlassi...    3
https://www.darkreading.com/cloud/patch-now-atlassian-confl...    3
https://www.securityweek.com/exploitation-recent-confluence...    3
https://www.bleepingcomputer.com/news/security/cisa-warns-o...    3

Information from Twitter

User URL Info Source Date
ipssignatures https://twitter.com/Vulnmachines/status/1553019717798936576 Source ipssignatures    1640565882375028737 2023/03/28

GitHub Search Results: Up to 10
Name    URL
alcaparra/CVE-2022-26138    https://github.com/alcaparra/CVE-2022-26138
z92g/CVE-2022-26138    https://github.com/z92g/CVE-2022-26138
1mxml/CVE-2022-26138    https://github.com/1mxml/CVE-2022-26138
Vulnmachines/Confluence-Question-CVE-2022-26138-    https://github.com/Vulnmachines/Confluence-Question-CVE-2022-26138-
Daro1967/CVE-2022-26138-RCE    https://github.com/Daro1967/CVE-2022-26138-RCE

2023/03/28 Score : 0
Added Har-sia Database : 2022/07/21
Last Modified : 2023/03/28
Highest Scored Date : 2022/07/21
Highest Score : 67