Atlassian fixes critical Confluence hardcoded credentials flaw



Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers log into vulnerable, unpatched servers.

One of the flaws, CVE-2022-26136, is described as an arbitrary Servlet Filter bypass: an attacker could send a specially crafted HTTP request to bypass custom Servlet Filters that third-party apps use to enforce authentication.

“Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability,” it added.

The second flaw, CVE-2022-26137, is a cross-origin resource sharing (CORS) bypass.

Affected Version

Update to a patch version

Admins who want to determine whether their servers are affected by this hardcoded credentials flaw should check for an active user account with the following details:

  • User: disabledsystemuser
  • Username: disabledsystemuser
  • Email: dontdeletethisuser@email.com

If this account does not show up in the list of active users, the Confluence instance is not affected.

Updating the Questions for Confluence app to a fixed version (2.7.38 or later in the 2.7.x line, or any version above 3.0.5) stops the creation of the problematic user account and removes it if present.
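The check above, as an added example that is not Atlassian's or the article's code: it audits a user table for the indicator account and maps the result to the advisory's verdict. It assumes the embedded Crowd `cwd_user` layout Confluence uses (`user_name`, `active` as 'T'/'F', `email_address`); the rows are constructed sample data, loaded into an in-memory SQLite table so the script runs offline.

```python
"""Audit a Confluence user table for the hardcoded 'disabledsystemuser' account.

Added example, not Atlassian's code. Assumes the cwd_user table layout of
Confluence's embedded Crowd directory; sample rows below are constructed.
"""
import sqlite3

IOC_USERNAME = "disabledsystemuser"
IOC_EMAIL = "dontdeletethisuser@email.com"

# Constructed sample rows shaped like cwd_user: (user_name, active, email_address).
# Crowd stores the active flag as the single character 'T' or 'F' (assumption).
SAMPLE_USERS = [
    ("admin", "T", "admin@example.invalid"),
    ("disabledsystemuser", "T", "dontdeletethisuser@email.com"),
    ("jdoe", "F", "jdoe@example.invalid"),
]


def load_sample_db(rows):
    """Build an in-memory table shaped like cwd_user from constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE cwd_user (user_name TEXT, active TEXT, email_address TEXT)"
    )
    conn.executemany("INSERT INTO cwd_user VALUES (?, ?, ?)", rows)
    return conn


def find_ioc_account(conn):
    """Return rows matching the advisory's indicators (case-insensitive)."""
    return conn.execute(
        "SELECT user_name, active, email_address FROM cwd_user "
        "WHERE lower(user_name) = ? OR lower(email_address) = ?",
        (IOC_USERNAME, IOC_EMAIL),
    ).fetchall()


def assess(conn):
    """Map matching rows to the advisory's verdict.

    'affected' : account present and active, so login with it is possible
    'disabled' : account present but inactive; not affected, but the app
                 update still removes it
    'clean'    : no such account
    """
    rows = find_ioc_account(conn)
    if not rows:
        return "clean"
    if any(active == "T" for _, active, _ in rows):
        return "affected"
    return "disabled"


if __name__ == "__main__":
    print(assess(load_sample_db(SAMPLE_USERS)))  # affected
```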


By | 2022-07-21T14:27:48+05:30 July 21st, 2022|Security Advisory, Security Update, vulnerability|

About the Author:

FirstHackersNews- Identifies Security

