Atlassian has rolled out fixes to remediate a critical security vulnerability relating to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center.
The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of the two platforms, causing it to create a Confluence user account with the username "disabledsystemuser."
While this account, Atlassian says, is intended to help administrators migrate data from the app to Confluence Cloud, it is also created with a hard-coded password, effectively allowing viewing and editing of all non-restricted pages within Confluence by default.

"A remote, unauthenticated attacker with knowledge of the hard-coded password could exploit this to log into Confluence and access any pages the confluence-users group has access to," the company said in an advisory, adding that "the hard-coded password is trivial to obtain after downloading and reviewing affected versions of the app."
Questions for Confluence versions 2.7.34, 2.7.35, and 3.0.2 are affected by the flaw, with fixes available in versions 2.7.38 and 3.0.5. Alternatively, users can disable or delete the disabledsystemuser account.
While Atlassian has noted that there is no evidence of active exploitation of the flaw, users can look for indicators of compromise by checking the last authentication time for the account. "If the last authentication time for disabledsystemuser is null, that means the account exists but no one has ever logged into it," it said.
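The check Atlassian describes above reduces to a small triage decision: does the disabledsystemuser account exist, and if so, has it ever authenticated? The following is an added example of that triage logic, not Atlassian's code or tooling. It assumes an administrator has already exported Confluence user records into a list of dicts with the keys `username` and `last_authenticated` (an ISO-8601 string or `None`); that record shape, the `triage_account` and `is_affected_version` helpers, and the sample exports are all constructed for this example and are not a Confluence API.

```python
"""Triage helper for the CVE-2022-26138 indicator of compromise.

Added example, not Atlassian's code. The input record shape (a list of dicts
with 'username' and 'last_authenticated') is an assumption of this example:
how an administrator obtains those records depends on their own export process.
"""

# Account created by affected versions of the Questions for Confluence app (per the advisory).
SUSPECT_USERNAME = "disabledsystemuser"

# Questions for Confluence versions the advisory lists as affected.
AFFECTED_VERSIONS = {"2.7.34", "2.7.35", "3.0.2"}


def triage_account(users):
    """Classify the disabledsystemuser indicator from an exported user list.

    Returns one of:
      'absent'     - no such account exists; this indicator does not apply
      'never_used' - the account exists but last authentication is null, i.e. it
                     was created by the app and nobody has logged in; disable or
                     delete it (or upgrade) before anyone does
      'used'       - the account has authenticated at least once; treat this as a
                     possible compromise and investigate that login activity
    """
    for user in users:
        if user.get("username") == SUSPECT_USERNAME:
            if user.get("last_authenticated") is None:
                return "never_used"
            return "used"
    return "absent"


def is_affected_version(version):
    """True if the installed Questions for Confluence version is one the advisory lists as affected."""
    return version in AFFECTED_VERSIONS


# Constructed sample exports for demonstration only.
SAMPLE_NEVER_USED = [
    {"username": "admin", "last_authenticated": "2022-07-20T09:12:00Z"},
    {"username": "disabledsystemuser", "last_authenticated": None},
]
SAMPLE_USED = [
    {"username": "admin", "last_authenticated": "2022-07-20T09:12:00Z"},
    {"username": "disabledsystemuser", "last_authenticated": "2022-07-21T03:44:10Z"},
]
SAMPLE_ABSENT = [
    {"username": "admin", "last_authenticated": "2022-07-20T09:12:00Z"},
]

if __name__ == "__main__":
    for label, export in (
        ("never used", SAMPLE_NEVER_USED),
        ("used", SAMPLE_USED),
        ("absent", SAMPLE_ABSENT),
    ):
        print(f"{label:10s} -> {triage_account(export)}")
    print("3.0.2 affected:", is_affected_version("3.0.2"))
    print("3.0.5 affected:", is_affected_version("3.0.5"))
```

The useful distinction is between `never_used` and `used`: the former means the hard-coded credential was exposed but not exercised, so removing or disabling the account (or upgrading) closes the issue, while the latter means someone authenticated as that account and the pages accessible to the confluence-users group should be reviewed for unexpected changes.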
Separately, the Australian software company also moved to patch a pair of critical flaws, which it calls servlet filter dispatcher vulnerabilities, affecting a number of products:
- Bamboo Server and Data Center
- Bitbucket Server and Data Center
- Confluence Server and Data Center
- Crowd Server and Data Center
- Fisheye and Crucible
- Jira Server and Data Center, and
- Jira Service Management Server and Data Center
Successful exploitation of the bugs, tracked as CVE-2022-26136 and CVE-2022-26137, could enable an unauthenticated, remote attacker to bypass authentication used by third-party apps, execute arbitrary JavaScript code, and circumvent the cross-origin resource sharing (CORS) browser mechanism by sending a specially crafted HTTP request.
"Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability," the company cautioned in its advisory regarding CVE-2022-26137.
Some parts of this article are sourced from:
thehackernews.com