Friday, July 29, 2022

Latest Critical Atlassian Confluence Vulnerability Under Active Exploitation


A week after Atlassian rolled out patches to contain a critical flaw in its Questions For Confluence app for Confluence Server and Confluence Data Center, the shortcoming has now come under active exploitation in the wild.

The bug in question is CVE-2022-26138, which concerns the use of a hard-coded password in the app that could be exploited by a remote, unauthenticated attacker to gain unrestricted access to all pages in Confluence.


The real-world exploitation follows the release of the hard-coded credentials on Twitter, prompting the Australian software company to prioritize patches to mitigate potential threats targeting the flaw.

“Unsurprisingly, it did not take long […] to observe exploitation once the hard-coded credentials were released, given the high value of Confluence for attackers who often jump on Confluence vulnerabilities to execute ransomware attacks,” Rapid7 security researcher Glenn Thorpe said.


It is worth noting that the bug only exists when the Questions for Confluence app is enabled. That said, uninstalling the Questions for Confluence app does not remediate the flaw, because the created account is not automatically removed after the app has been uninstalled.


Users of the affected product are advised to update their on-premise instances to the latest versions (2.7.38 and 3.0.5) as soon as possible, or take steps to disable/delete the account.

The development also arrives as Palo Alto Networks, in its 2022 Unit 42 Incident Response Report, found that threat actors are scanning for vulnerable endpoints within 15 minutes of public disclosure of a new security flaw.


