Security Advisory

CVE-2022-26138

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-07-20 17:25:26

Last updated 2026-01-12 21:22:06

Assigner atlassian

State PUBLISHED

Description

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

← Browse all CVEs View on cve.org ↗