Patch Now: Atlassian Confluence Bug Under Active Exploit

Published: 23/11/2024   Category: security




Attackers almost immediately leapt on a just-disclosed bug, CVE-2022-26138, affecting Atlassian Confluence, which allows remote actors holding no legitimate credentials to read all non-restricted Confluence data.



A critical Atlassian Confluence vulnerability that was disclosed last week is now being actively exploited in the wild, researchers are warning.
According to researchers at Rapid7, the bug in question (CVE-2022-26138, one of three patched last week) is due to a hard-coded password in the Questions for Confluence app, which would allow attackers to gain access to data within the on-premises Confluence Server and Confluence Data Center platforms.
More specifically, once installed, the Questions for Confluence app creates a user account with a hard-coded password and adds that account to a user group that has access to all non-restricted pages in Confluence, according to Rapid7's posting. Anyone who knows the password can therefore log in remotely and browse every page in an organization's Confluence instance that has not been explicitly restricted.
The stakes are high. Many organizations use Confluence for project management and collaboration among teams spread across on-premises and remote locations, and Confluence environments often house sensitive data about an organization's own projects or about its customers and partners.
Organizations are urged to patch quickly because the password was made public last week, prompting emergency action by Atlassian. Confluence is unfortunately a popular target for attackers, as evidenced by the active exploitation of the bug tracked as CVE-2022-26134 in June, which was used to spread ransomware.
Admins should note: the bug exists only when the Questions for Confluence app is enabled, and it does not affect Confluence Cloud. Crucially, however, "uninstalling the Questions for Confluence app does not remediate this vulnerability," according to Atlassian's advisory last week: the account the app created stays in the user directory after the app is removed, so the account itself must be disabled or deleted (or the app updated to a fixed release) before the instance is safe.
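The practical check an administrator wants here is whether the hard-coded account is still present and active, whether it still sits in the group that grants read access to every non-restricted page, and whether anything has logged in as it since the password became public. The script below is an added example, not code from the article, Rapid7 or Atlassian. It assumes the account name "disabledsystemuser" and the "confluence-users" group from Atlassian's advisory, a constructed user-directory export in a shape of this example's own choosing (not a Confluence REST response), constructed access-log lines in Tomcat common log format with the remote-user field populated, and a disclosure cut-off date that is an assumption of the example. The password is deliberately not included.

```python
"""Triage a Confluence Server/Data Center instance for the hard-coded
Questions for Confluence account behind CVE-2022-26138 (added example)."""
import re
from datetime import datetime, timezone

# Account and group named in Atlassian's advisory. The password is omitted.
HARDCODED_USER = "disabledsystemuser"
SENSITIVE_GROUP = "confluence-users"
# Assumption for this example: treat any request by the account on or after
# the advisory date as suspicious. Adjust to your own exposure window.
DISCLOSURE = datetime(2022, 7, 20, tzinfo=timezone.utc)

# Constructed sample of a user-directory export (shape chosen for this
# example; build it from your own directory or REST queries in practice).
SAMPLE_USERS = [
    {"username": "alice", "active": True, "groups": ["confluence-users"]},
    {"username": "disabledsystemuser", "active": True,
     "groups": ["confluence-users"]},
]

# Constructed sample access-log lines: Tomcat common log format with the
# remote-user field filled in ("-" when the request was unauthenticated).
SAMPLE_LOG = """\
10.0.0.5 - alice [19/Jul/2022:09:15:02 +0000] "GET /display/ENG/Roadmap HTTP/1.1" 200 8123
203.0.113.7 - disabledsystemuser [22/Jul/2022:03:41:17 +0000] "GET /rest/api/content?limit=500 HTTP/1.1" 200 512230
203.0.113.7 - disabledsystemuser [22/Jul/2022:03:42:01 +0000] "GET /rest/api/search?cql=type=page HTTP/1.1" 200 98321
10.0.0.9 - - [22/Jul/2022:08:00:00 +0000] "GET /login.action HTTP/1.1" 200 2210
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_access_log(text):
    """Parse common-log-format lines into dicts; skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append({"ip": m["ip"], "user": m["user"], "ts": ts,
                       "request": m["req"], "status": int(m["status"])})
    return events


def assess(users, log_text, hardcoded_user=HARDCODED_USER, since=DISCLOSURE):
    """Report whether the hard-coded account is still exploitable and whether
    it has been used. 'exposed' is True only when the account is both active
    and in the group that grants access to all non-restricted pages."""
    account = next((u for u in users if u["username"] == hardcoded_user), None)
    findings = {
        "account_present": account is not None,
        "account_active": bool(account and account["active"]),
        "in_sensitive_group": bool(account and SENSITIVE_GROUP in account["groups"]),
        "suspicious_requests": [],
    }
    # Tomcat only records a remote user after successful authentication, so
    # any request carrying this username is a real login with the password.
    for ev in parse_access_log(log_text):
        if ev["user"] == hardcoded_user and ev["ts"] >= since:
            findings["suspicious_requests"].append(ev)
    findings["exposed"] = findings["account_active"] and findings["in_sensitive_group"]
    return findings


if __name__ == "__main__":
    f = assess(SAMPLE_USERS, SAMPLE_LOG)
    print("account present:", f["account_present"])
    print("account active:", f["account_active"])
    print("in", SENSITIVE_GROUP + ":", f["in_sensitive_group"])
    print("still exploitable:", f["exposed"])
    for ev in f["suspicious_requests"]:
        print(f"  {ev['ts'].isoformat()} {ev['ip']} {ev['request']} -> {ev['status']}")
    if f["exposed"]:
        print("Disable or delete the account; uninstalling the app alone does not fix this.")
```

Because the exposure test keys on the account's state rather than on whether the app is installed, the script still reports the instance as exploitable after the app has been uninstalled but the account left behind, which is exactly the trap the advisory warns about. Any request attributed to the account after the cut-off is a confirmed use of the leaked password and should trigger incident response, not just patching.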
"Confluence has had no shortage of headlines," Rick Holland, CISO at Digital Shadows, said via email. "Hardcoded passwords significantly increase the likelihood of exploitation, especially when the passwords become widely shared. If you play soccer, hardcoded passwords are own goals. Adversaries score enough goals alone; we don't need to put the ball in our own net. Never use hardcoded passwords; take the time to set up proper authentication and minimize future risks."
