Exploitation of Recent Confluence Vulnerability Underway
Cybersecurity organizations warn that a recently patched vulnerability in the Questions for Confluence application is already being exploited in attacks. Questions for Confluence is an application designed to help Confluence users obtain information, share information with others, and seek counsel from experts when necessary.

Tracked as CVE-2022-26138 and rated ‘critical severity’, the issue exists because, when enabled on Confluence Server and Data Center, the Questions for Confluence application creates a user account with a hardcoded password. Atlassian released patches for this issue a week ago, warning that “a remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to.”

Days after fixes were rolled out, the company updated its advisory to warn that someone had made the hardcoded password public, urging organizations to update their deployments as soon as possible. “This issue is likely to be exploited in the wild now that the hardcoded password is publicly known. This vulnerability should be remediated on affected systems immediately,” Atlassian said.

Shadowserver has observed in-the-wild exploitation of the security flaw.
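Because the weakness is a known account with a known password, the response boils down to two checks: is that account still present and active in the Confluence user directory, and has anyone authenticated as it. The script below is an added example, not code from the article or from Atlassian; it assumes a placeholder for the account name (take the real name from Atlassian's advisory), a constructed user-directory snapshot, and constructed authentication events in a simple one-line-per-event form.

```python
import re
from datetime import datetime

# Placeholder: the account created by Questions for Confluence is named in
# Atlassian's advisory for CVE-2022-26138; substitute that name here.
HARDCODED_ACCOUNT = "ACCOUNT_NAME_FROM_ATLASSIAN_ADVISORY"

# Constructed user-directory snapshot: (username, active flag).
USER_DIRECTORY = [
    ("alice", True),
    (HARDCODED_ACCOUNT, True),   # present and still active: exposed
]

# Constructed authentication events: "<iso-time> <user> <ip> <result>".
AUTH_LOG = f"""\
2022-07-21T09:12:03Z alice 10.0.0.5 success
2022-07-22T23:41:10Z {HARDCODED_ACCOUNT} 203.0.113.7 success
2022-07-22T23:41:44Z {HARDCODED_ACCOUNT} 203.0.113.7 success
2022-07-23T01:05:00Z bob 10.0.0.9 failure
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (success|failure)$")

def account_exposure(directory, account=HARDCODED_ACCOUNT):
    """Return 'active', 'disabled' or 'absent' for the hardcoded account."""
    for name, active in directory:
        if name == account:
            return "active" if active else "disabled"
    return "absent"

def successful_logins(log_text, account=HARDCODED_ACCOUNT):
    """Return (timestamp, ip) for each successful login as the hardcoded account."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected shape
        ts, user, ip, result = m.groups()
        if user == account and result == "success":
            hits.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip))
    return hits

def assess(directory, log_text, account=HARDCODED_ACCOUNT):
    """One verdict for the responder: login_seen, account_active or clean."""
    if successful_logins(log_text, account):
        return "login_seen"      # someone used the account: investigate
    if account_exposure(directory, account) == "active":
        return "account_active"  # usable but unused so far: disable it now
    return "clean"

if __name__ == "__main__":
    print(assess(USER_DIRECTORY, AUTH_LOG))
```

Patching alone does not remove the account on every deployment, so run the directory check again after the update.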