Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Atlassian Releases Patches to Fix Critical Confluence Flaw

Atlassian has disclosed a new critical flaw in its Confluence Server and Data Center products. The company explained in its security advisory that the vulnerability (CVE-2022-26138) lets unauthorized users use hardcoded credentials to get full access to Confluence.

According to Atlassian, the flaw exists in its Questions for Confluence app. It is designed to help employees share knowledge and connect with their co-workers via questions and answers. The app provides searching, filtering, and sorting options to make it easier for users to find relevant information. It is currently deployed on more than 8,000 Confluence servers worldwide.

Essentially, the Questions for Confluence app creates a default user account with a hard-coded user name and password “disabledsystemuser.” This approach helps to facilitate data migrations from the app to the cloud. However, the hard-coded password could be abused by hackers to log in to vulnerable servers.

“The disabledsystemuser account is created with a hardcoded password and is added to the confluence-users group, which allows viewing and editing all non-restricted pages within Confluence by default. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to,” the company explained.

Atlassian recommends updating to a patched version

Atlassian has confirmed that the problem affects all companies using the Questions for Confluence app version 2.7.x and 3.0.x. However, it doesn’t impact Confluence Cloud customers.

The company recommends that organizations should install the latest Questions for Confluence update (versions 2.7.x >= 2.7.38 or versions higher than 3.0.5). Alternatively, customers can disable or delete the “disabledsystemuser” account to mitigate the issue.

Atlassian has acknowledged that attackers have yet to exploit the security flaw. That said, it has encouraged IT admins to check for the last authentication time for the specific account by following this step-by-step guide. This should help them find any exploitation attempts on vulnerable servers.

by Rabia Noureen
Jul 21, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
The Dirty Truth About IT Offboarding Automation

Jul 21, 2023
Aug 25, 2023
Five Tactics Towards Achieving Zero Trust with Azure Active Directory

Aug 29, 2023
Feb 01, 2024

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.