Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2022-26138
HistoryJul 29, 2022 - 12:00 a.m.

Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability

2022-07-2900:00:00
CISA
www.cisa.gov
6
atlassian
confluence
hard-coded
credentials
plaintext
remote attacker
unauthenticated
confluence-users group

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.972

Percentile

99.9%

JSON

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.

Related

thn 3
nvd 1
githubexploit 2
prion 1
nuclei 1
nessus 2
cisa 1
checkpoint_advisories 1
cve 1
attackerkb 1
talosblog 1
atlassian 1
cvelist 1
qualysblog 3
hivepro 1
rapid7blog 4
ics 1
avleonov 1
thn
thn
Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation
2022-07-29 03:19:00
CISA Warns of Atlassian Confluence Hard-Coded Credential Bug Exploited in Attacks
2022-07-30 03:54:00
Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability
2022-07-21 08:41:00
nvd
nvd
CVE-2022-26138
2022-07-20 18:15:08
githubexploit
githubexploit
Exploit for Use of Hard-coded Credentials in Atlassian Questions For Confluence
2022-07-30 07:14:52
Exploit for Use of Hard-coded Credentials in Atlassian Questions For Confluence
2022-07-28 09:48:21
prion
prion
Hardcoded credentials
2022-07-20 18:15:00
nuclei
nuclei
Atlassian Questions For Confluence - Hardcoded Credentials
2022-07-21 15:23:23
nessus
nessus
Questions for Confluence App Default Credentials (CVE-2022-26138)
2022-08-12 00:00:00
Atlassian Confluence < 7.4.17 / 7.13.x < 7.13.6 / < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2 (CONFSERVER-79483)
2022-07-21 00:00:00
cisa
cisa
Atlassian Releases Security Advisory for Questions for Confluence App, CVE-2022-26138
2022-07-22 00:00:00
checkpoint_advisories
checkpoint_advisories
Atlassian Questions for Confluence App Hardcoded Credentials (CVE-2022-26138)
2022-08-08 00:00:00
cve
cve
CVE-2022-26138
2022-07-20 18:15:08
attackerkb
attackerkb
CVE-2022-26138
2022-07-20 00:00:00
talosblog
talosblog
Threat Source newsletter (Aug. 4, 2022) β€” BlackHat 2022 preview
2022-08-04 18:00:00
atlassian
atlassian
Questions For Confluence App - Hardcoded Password
2022-07-08 17:06:14
cvelist
cvelist
CVE-2022-26138
2022-07-20 17:25:26
qualysblog
qualysblog
Atlassian Confluence: Questions for Confluence App Hardcoded Credentials Vulnerability (CVE-2022-26138)
2022-08-17 10:12:53
Introducing Qualys Threat Research Thursdays
2022-09-01 21:00:00
August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.
2022-08-09 20:00:00
hivepro
hivepro
Critical Vulnerabilities in Multiple Atlassian Products being exploited-in-wild
2022-07-25 11:10:10
rapid7blog
rapid7blog
Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138
2022-07-27 19:26:38
CVE-2022-36804: Easily Exploitable Vulnerability in Atlassian Bitbucket Server and Data Center
2022-09-20 15:14:26
Active Exploitation of Multiple Vulnerabilities in Zimbra Collaboration Suite
2022-08-17 12:55:18
ics
ics
Russian Military Cyber Actors Target US and Global Critical Infrastructure
2024-09-05 12:00:00
avleonov
avleonov
Vulnerability Management news and publications #2
2022-08-14 11:30:44

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.972

Percentile

99.9%

JSON
Related for CISA-KEV-CVE-2022-26138
thn3nvd1githubexploit2prion1nuclei1nessus2cisa1checkpoint_advisories1cve1attackerkb1talosblog1atlassian1cvelist1qualysblog3hivepro1rapid7blog4ics1avleonov1