Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak

By Ionut Arghire on July 25, 2022

Atlassian has warned customers that a vulnerability in Questions for Confluence will likely be used in attacks after someone made public a piece of information needed to exploit a recently addressed vulnerability.

A knowledge sharing application, Questions for Confluence helps Confluence users quickly access information or share it with others, as well as connect with experts when needed. The application is a paid, optional add-on and is not installed by default on Confluence.

Last week, Atlassian announced patches for a critical vulnerability in the application that impacts the Confluence Server and Data Center products.

Tracked as CVE-2022-26138, the security issue exists because, when enabled on the impacted products, Questions for Confluence creates a user account with the username disabledsystemuser and a hardcoded password.

Because the user account is added to the confluence-users group, it has access to non-restricted pages within Confluence.

Late last week, Atlassian updated its advisory to warn that someone has made the hardcoded password public, and to provide additional information on how to resolve the bug and look for indicators of compromise.

“An external party has discovered and publicly disclosed the hardcoded password on Twitter. You will need to remediate this vulnerability on affected systems immediately,” Atlassian’s updated advisory reads.

“This issue is more likely to be exploited in the wild now that the hardcoded password is publicly known. This vulnerability ought to be remediated on affected systems immediately,” the advisory continues.

According to Atlassian, Questions for Confluence currently has over 8,000 installations. Systems running Questions for Confluence 2.7.34, 2.7.35, or 3.0.2 are impacted, even if the application has been removed.

“Uninstalling the Questions for Confluence app doesn’t remediate this vulnerability. The disabledsystemuser account doesn’t automatically get removed after the app has been uninstalled,” Atlassian warns.

The vulnerability was resolved with the release of Questions for Confluence versions 2.7.38 (compatible with Confluence 6.13.18 through 7.16.2) and 3.0.5 (compatible with Confluence 7.16.3 and later), which no longer contain the hardcoded password and also remove the disabledsystemuser account if it was previously created.

However, Atlassian warns that, if Confluence is configured to use a read-only external directory, users need to manually search for the disabledsystemuser user account and delete or disable it.

“We recommend updating the Questions for Confluence app, which will remove this user from the system. If this isn’t possible for any reason, you should disable or delete the user,” Atlassian notes in an FAQ for CVE-2022-26138.
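The remediation rules reported above can be combined into a single triage check per Confluence host. The following is an added example, not code from Atlassian or from the original article; the `Host` fields and function names are hypothetical, and the facts for each host (app version, whether an active disabledsystemuser account exists, directory type) are assumed to have been collected by the administrator.

```python
# Added example: remediation triage for CVE-2022-26138 using only the facts in this article.
# The Host field names are hypothetical; populate them from your own inventory.
from dataclasses import dataclass
from typing import Optional

AFFECTED = {"2.7.34", "2.7.35", "3.0.2"}  # impacted Questions for Confluence versions
ACCOUNT = "disabledsystemuser"

def _v(s):
    """Turn a dotted version string into a tuple for numeric comparison."""
    return tuple(int(p) for p in s.split("."))

def fixed_version_for(confluence_version):
    """Return the fixed app release compatible with this Confluence version."""
    v = _v(confluence_version)
    if _v("6.13.18") <= v <= _v("7.16.2"):
        return "2.7.38"
    if v >= _v("7.16.3"):
        return "3.0.5"
    return None  # the article lists no fixed release for older Confluence

@dataclass
class Host:
    confluence_version: str
    app_version: Optional[str]   # None means the app is not installed (or was removed)
    account_active: bool         # an active disabledsystemuser account exists
    read_only_directory: bool    # Confluence uses a read-only external directory

def triage(h):
    """List the remediation steps a host still needs."""
    actions = []
    upgrade_removes_account = False
    if h.app_version in AFFECTED:
        target = fixed_version_for(h.confluence_version)
        if target:
            actions.append(f"upgrade app to {target}")
            # The fixed releases delete the account, except with a read-only directory.
            upgrade_removes_account = not h.read_only_directory
    # Uninstalling the app never removes the account, so check it independently.
    if h.account_active and not upgrade_removes_account:
        actions.append(f"disable or delete {ACCOUNT}")
    return actions
```

A host where the app was uninstalled but the account is still active returns only the account-removal step, which is the case the advisory singles out.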