Critical Vulnerability in Atlassian's Confluence Server and Confluence Data Center

Published on 21 Jul 2022

Updated on 21 Jul 2022

Atlassian has released a security update to address a critical vulnerability (CVE-2022-26138) in their Confluence Server and Data Center products.

Successful exploitation of this vulnerability may allow an unauthenticated attacker to log into unpatched Confluence servers and access any non-restricted content.

The following versions of the Questions for Confluence app are affected:

  • Version 2.7.34
  • Version 2.7.35
  • Version 3.0.2

Administrators and users who are using affected versions of the products are advised to upgrade to the latest versions immediately.

References:

https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
https://www.bleepingcomputer.com/news/security/atlassian-fixes-critical-confluence-hardcoded-credentials-flaw/