Описание
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
Ссылки
- Vendor Advisory
- Issue TrackingPatchVendor Advisory
- Vendor Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Одновременно
Одно из
Одно из
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.
Уязвимость приложения Questions for Confluence веб-сервера Atlassian Confluence Server и дата центра Confluence Data Center, связанная с возможностью использования жестко закодированных учетных данных, позволяющая нарушителю получить полный доступ к программному обеспечению с правами группы confluence-users
EPSS
9.8 Critical
CVSS3