The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Friday added the lately disclosed Atlassian safety flaw to its Recognized Exploited Vulnerabilities Catalog, based mostly on proof of lively exploitation.
The vulnerability, tracked as CVE-2022-26138, considerations the usage of hard-coded credentials when the Questions For Confluence app is enabled in Confluence Server and Knowledge Middle cases.
“A distant unauthenticated attacker can use these credentials to log into Confluence and entry all content material accessible to customers within the confluence-users group,” CISA notes in its advisory.
Relying on the web page restrictions and the data an organization has in Confluence, profitable exploitation of the shortcoming might result in the disclosure of delicate data.
Though the bug was addressed by the Atlassian software program firm final week in variations 2.7.38 and three.0.5, it has since come beneath lively exploitation, cybersecurity agency Rapid7 disclosed this week.
“Exploitation efforts at this level don’t appear to be very widespread, although we count on that to vary,” Erick Galinkin, principal AI researcher at Rapid7, informed The Hacker Information.
“The excellent news is that the vulnerability is within the Questions for Confluence app and not in Confluence itself, which reduces the assault floor considerably.”
With the flaw now added to the catalog, Federal Civilian Govt Department (FCEB) within the U.S. are mandated to use patches by August 19, 2022, to cut back their publicity to cyberattacks.
“At this level, the vulnerability has been public for a comparatively quick period of time,” Galinkin famous. “Coupled with the absence of significant post-exploitation exercise, we do not but have any risk actors attributed to the assaults.”
