Main Vulnerability Database Exploits ID:8195 - Exploit for Embedded malicious code (backdoor) in Questions for Confluence - CVE-2022-26138

ID:8195 - Exploit for Embedded malicious code (backdoor) in Questions for Confluence - CVE-2022-26138

Published: July 30, 2022

Vulnerability identifier: #VU65739

Vulnerability risk: Critical

CVE-ID: CVE-2022-26138

CWE-ID: CWE-506

Exploitation vector: Remote access

Vulnerable software:
Questions for Confluence

Link to public exploit:

https://github.com/z92g/CVE-2022-26138

Vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of a hardcoded disabledsystemuser account after installing the affected version of Questions for Confluence app. A remote attacker can login to the Confluence Server or Confluence Data Center instance using the hardcoded credentials and compromise the instance.

Note, the account is not removed from the system after app removal. Therefore, if the affected version of Questions for Confluence app was previously installed and later removed, the backdoor account remains active on the system.

There is a high chance the vulnerability is being actively exploited in the wild due to public vulnerability disclosure.

Remediation

Install updates from vendor's website.

ID:8195 - Exploit for Embedded malicious code (backdoor) in Questions for Confluence - CVE-2022-26138

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human