CVE-2022-26138

CRITICAL KEV RANSOMWARE NUCLEI

Atlassian Questions For Confluence - Hardcoded Credentials

Title source: nuclei

Description

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

Exploits (4)

nomisec WORKING POC 31 stars
by alcaparra · remote
https://github.com/alcaparra/CVE-2022-26138
nomisec SCANNER 15 stars
by z92g · remote
https://github.com/z92g/CVE-2022-26138
nomisec WRITEUP 3 stars
by Vulnmachines · poc
https://github.com/Vulnmachines/Confluence-Question-CVE-2022-26138-
nomisec SCANNER
by shavchen · poc
https://github.com/shavchen/CVE-2022-26138

Nuclei Templates (1)

Atlassian Questions For Confluence - Hardcoded Credentials
CRITICAL by HTTPVoid
Shodan: http.component:"Atlassian Confluence" || http.component:"atlassian confluence"

Scores

CVSS v3 9.8
EPSS 0.9432
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-07-29
VulnCheck KEV 2022-07-29
InTheWild.io 2022-07-24
ENISA EUVD EUVD-2022-30705
Ransomware Use Confirmed
CWE
CWE-798
Status published
Products (3)
atlassian/questions_for_confluence 2.7.34
atlassian/questions_for_confluence 2.7.35
atlassian/questions_for_confluence 3.0.2
Published Jul 20, 2022
KEV Added Jul 29, 2022
Tracked Since Feb 18, 2026