← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-26138 — Actively Exploited: Confluence (Atlassian)

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.

CVE IDCVE-2022-26138
VendorAtlassian
ProductConfluence
Vulnerability nameAtlassian Questions For Confluence App Hard-coded Credentials Vulnerability
Date added2022-07-29
Remediation due2022-08-19
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionAtlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →