Security companies are warning that attackers are already exploiting a recently patched vulnerability in the Questions for Confluence app. Questions for Confluence is an Atlassian add-on that lets Confluence users ask questions, share what they know with colleagues, and, where needed, consult in-house experts for advice.
The issue, tracked as CVE-2022-26138 and rated critical severity, arises because the Questions for Confluence app creates a user account with a hardcoded password when it is enabled on Confluence Server and Data Center.
That account, named “disabledsystemuser,” is also added to the confluence-users group, so anyone who knows the password can log in and view every page that is not explicitly restricted. The hardcoded password has since been published, and CVE-2022-26138 is now being exploited in the wild; according to the reports, some attack attempts were seen even before Atlassian issued its notice.
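Because the account name is fixed, a defender can hunt for it directly. The script below is an added example, not code from Atlassian or from the vendors reporting the attacks. It assumes a Tomcat-style Confluence access log in which the third field is the authenticated username (the log lines embedded here are constructed for illustration, not real traffic), and it assumes an administrator has already looked up whether the account exists, which groups it belongs to, and its last login time from Confluence user management. It flags every request made as disabledsystemuser and turns the account lookup into a triage verdict.

```python
"""Hunt for activity by the hardcoded Questions for Confluence account (CVE-2022-26138).

Added example; not Atlassian's code and not from any advisory.
Assumed access-log layout (one request per line):
  <client ip> <thread> <authenticated user> [<timestamp>] "<method> <path> <proto>" <status> <bytes>
"""
import re

HARDCODED_ACCOUNT = "disabledsystemuser"   # name from the advisory
HARDCODED_GROUP = "confluence-users"       # group the account is added to

# Parser for the assumed layout above; lines that do not match are skipped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<thread>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# Constructed sample log: an anonymous login flow followed by two requests
# authenticated as the hardcoded account, then a normal user.
SAMPLE_LOG = """\
10.0.0.5 http-nio-8090-exec-1 - [21/Jul/2022:09:58:01 +0000] "GET /login.action HTTP/1.1" 200 5120
10.0.0.5 http-nio-8090-exec-2 - [21/Jul/2022:09:58:04 +0000] "POST /dologin.action HTTP/1.1" 302 0
10.0.0.5 http-nio-8090-exec-3 disabledsystemuser [21/Jul/2022:09:58:05 +0000] "GET /dashboard.action HTTP/1.1" 200 20480
10.0.0.5 http-nio-8090-exec-4 disabledsystemuser [21/Jul/2022:09:58:09 +0000] "GET /rest/api/content?limit=500 HTTP/1.1" 200 91234
192.168.4.20 http-nio-8090-exec-5 alice [21/Jul/2022:10:01:12 +0000] "GET /display/ENG/Runbooks HTTP/1.1" 200 30111
"""


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match the assumed layout."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_hardcoded_account_activity(log_text):
    """Return every request authenticated as the hardcoded account, in log order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["user"].lower() == HARDCODED_ACCOUNT:
            hits.append({k: rec[k] for k in ("ip", "ts", "method", "path", "status")})
    return hits


def assess_account(exists, groups, last_login):
    """Turn what an admin sees in user management into a triage verdict.

    exists     -- whether a user named disabledsystemuser is present
    groups     -- group names the account belongs to
    last_login -- last authentication time, or None if it has never logged in
    """
    if not exists:
        return {"state": "absent", "in_confluence_users": False,
                "action": "nothing to do for this account"}
    state = "present-used" if last_login else "present-unused"
    action = ("treat as possible compromise: review its activity, then disable or delete it"
              if last_login else "disable or delete the account")
    return {"state": state,
            "in_confluence_users": HARDCODED_GROUP in groups,
            "action": action}


if __name__ == "__main__":
    for hit in find_hardcoded_account_activity(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} {hit['path']} -> {hit['status']}")
    verdict = assess_account(True, ["confluence-users"], "21/Jul/2022:09:58:05 +0000")
    print(verdict["state"], verdict["action"])
```

Two caveats a practitioner should keep in mind when using this: the log parser is written for the assumed layout above, so adjust LOG_RE to your own access-log pattern before trusting a clean result, and a "present-unused" verdict still calls for action, because the account remains in place even after the app is uninstalled and must be disabled or deleted on its own.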