Main Vulnerability Database Vulnerabilities #VU65739

#VU65739 Embedded malicious code (backdoor) in Questions for Confluence - CVE-2022-26138

Published: July 25, 2022 / Updated: September 25, 2022

Vulnerability identifier: #VU65739

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2022-26138

CWE-ID: CWE-506

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Questions for Confluence

Software vendor:
Atlassian

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of a hardcoded disabledsystemuser account after installing the affected version of Questions for Confluence app. A remote attacker can login to the Confluence Server or Confluence Data Center instance using the hardcoded credentials and compromise the instance.

Note, the account is not removed from the system after app removal. Therefore, if the affected version of Questions for Confluence app was previously installed and later removed, the backdoor account remains active on the system.

There is a high chance the vulnerability is being actively exploited in the wild due to public vulnerability disclosure.

Remediation

Install updates from vendor's website.

#VU65739 Embedded malicious code (backdoor) in Questions for Confluence - CVE-2022-26138

Description

Remediation

External links

Please verify you're human