Atlassian has informed users that a newly patched vulnerability in Questions for Confluence would likely be used in attacks after an exploitable piece of information was made public.
‘Questions for Confluence’ is a knowledge-sharing tool that enables Confluence users to instantly access and exchange information, as well as communicate with subject matter experts. The application is a premium, optional Confluence add-on that is not installed by default.
The company released updates for a significant vulnerability in the Confluence Server and Data Center products’ application last week. Atlassian amended its caution late last week to warn that the hardcoded password has been made public.
Read More: Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak