CVE-2022-26138 - OpenCVE

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Atlassian	Confluence Data Center Questions For Confluence Confluence Server

Configuration 1 [-]

AND

OR	cpe:2.3:a:atlassian:questions_for_confluence:2.7.34:::::::*
	cpe:2.3:a:atlassian:questions_for_confluence:2.7.35:::::::*
	cpe:2.3:a:atlassian:questions_for_confluence:3.0.2:::::::*

OR	cpe:2.3:a:atlassian:confluence_data_center:-:::::::*
	cpe:2.3:a:atlassian:confluence_server:-:::::::*

References

Link	Resource
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html	Vendor Advisory
https://jira.atlassian.com/browse/CONFSERVER-79483	Issue Tracking Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: atlassian

Published: 2022-07-20T00:00:00

Updated: 2022-07-20T17:25:26

Reserved: 2022-02-25T00:00:00

Link: CVE-2022-26138

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-20T18:15:08.617

Modified: 2022-08-04T14:13:04.353

Link: CVE-2022-26138

JSON object: View

Redhat Information

No data.

CWE

CWE-798

{"containers": {"cna": {"affected": [{"product": "Questions For Confluence", "vendor": "Atlassian", "versions": [{"status": "affected", "version": "2.7.34"}, {"status": "affected", "version": "2.7.35"}, {"status": "affected", "version": "3.0.2"}]}], "datePublic": "2022-07-20T00:00:00", "descriptions": [{"lang": "en", "value": "The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "Use of Hard-coded Credentials (CWE-798)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-20T17:25:26", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/CONFSERVER-79483"}, {"tags": ["x_refsource_MISC"], "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2022-07-20T00:00:00", "ID": "CVE-2022-26138", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Questions For Confluence", "version": {"version_data": [{"version_affected": "=", "version_value": "2.7.34"}, {"version_affected": "=", "version_value": "2.7.35"}, {"version_affected": "=", "version_value": "3.0.2"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Use of Hard-coded Credentials (CWE-798)"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/CONFSERVER-79483", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/CONFSERVER-79483"}, {"name": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html", "refsource": "MISC", "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html"}]}}}}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2022-26138", "datePublished": "2022-07-20T00:00:00", "dateReserved": "2022-02-25T00:00:00", "dateUpdated": "2022-07-20T17:25:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"cisaActionDue": "2022-08-19", "cisaExploitAdd": "2022-07-29", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:questions_for_confluence:2.7.34:*:*:*:*:*:*:*", "matchCriteriaId": "A0CE5D29-4DCB-48E5-9F1E-E603E5F6C27E", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:questions_for_confluence:2.7.35:*:*:*:*:*:*:*", "matchCriteriaId": "60DEB66E-75A9-4C34-9E06-037BE1B263EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:questions_for_confluence:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AD33916-41E6-45BB-A6CC-9ECD4F11A529", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:confluence_data_center:-:*:*:*:*:*:*:*", "matchCriteriaId": "E5AB7C4D-ED56-4AB5-BD03-CA807D11C46E", "vulnerable": false}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:-:*:*:*:*:*:*:*", "matchCriteriaId": "A9157ABD-3C98-4742-AE63-EAD7504CDB22", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app."}, {"lang": "es", "value": "La aplicaci\u00f3n Atlassian Questions For Confluence para Confluence Server y Data Center crea una cuenta de usuario de Confluence en el grupo confluence-users con el nombre de usuario disabledsystemuser y una contrase\u00f1a embebida. Un atacante remoto no autenticado que conozca la contrase\u00f1a embebida podr\u00eda explotar esta situaci\u00f3n para iniciar sesi\u00f3n en Confluence y acceder a todo el contenido accesible para usuarios del grupo confluence-users. Esta cuenta de usuario es creada cuando son instaladas las versiones 2.7.34, 2.7.35 y 3.0.2 de la aplicaci\u00f3n"}], "id": "CVE-2022-26138", "lastModified": "2022-08-04T14:13:04.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-20T18:15:08.617", "references": [{"source": "security@atlassian.com", "tags": ["Vendor Advisory"], "url": "https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html"}, {"source": "security@atlassian.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CONFSERVER-79483"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-798"}], "source": "security@atlassian.com", "type": "Secondary"}]}