All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2022-26138
NONEKEVpublish date unavailable
CVSS / 10
// description
Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.
// required action (CISA KEV)
Apply updates per vendor instructions.
added 2022-07-29 00:00 UTC