Researchers claim that a hard-coded password vulnerability in the Atlassian Questions for Confluence app has been under active exploitation. Problems mount for Atlassian as threat actors find exploits for the latest bugs in the company’s Confluence platform. Last week the company announced a critical vulnerability, CVE-2022-26138, in its Questions for Confluence app that allows users to receive support on Atlassian products. “A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access any pages the confluence-users group has access to,” the company said. Since the hard-coded password leaked on Twitter, Atlassian deemed the issue severe, adding that the vulnerability will likely be exploited in the wild. That’s precisely what researchers at cybersecurity firm Rapid7 discovered.