Saturday, December 3, 2022
HomeCyber SecurityAtlassian Confluence Bug Underneath Energetic Exploit

Atlassian Confluence Bug Underneath Energetic Exploit

A essential Atlassian Confluence vulnerability that was disclosed final week is now being actively exploited within the wild, researchers are warning.

In keeping with researchers at Rapid7, the bug in query (CVE-2022-26138, considered one of three patched final week) is because of a hardcoded password within the Questions for Confluence app, which might permit cyberattackers to realize full entry to knowledge throughout the on-premises Confluence Server and Confluence Information Middle platforms.

Extra particularly, as soon as put in, the Questions for Confluence app will “create a consumer account with a hard-coded password and add the account to a consumer group, which permits entry to all nonrestricted pages in Confluence,” in response to Rapid7’s posting. “This simply permits a distant, unauthenticated attacker to browse a company’s Confluence occasion.”

The stakes are excessive. Many organizations use Confluence for undertaking administration and collaboration amongst groups scattered throughout on-premises and distant areas. Usually Confluence environments can home delicate knowledge on tasks that a company is perhaps engaged on, or home it on its clients and companions.

Organizations are urged to patch rapidly as a result of the password was made public final week, prompting emergency motion by Atlassian. Confluence is sadly a preferred goal for attackers, as evidenced by the energetic exploitation of the bug tracked as CVE-2022-26134 in June, used to unfold ransomware.

Admins ought to observe: The bug solely exists when the Questions for Confluence app is enabled, and it doesn’t influence the Confluence Cloud occasion. Nonetheless, crucially, “uninstalling the Questions for Confluence app doesn’t remediate this vulnerability,” in response to Atlassian’s advisory final week.

“Confluence has had no scarcity of headlines,” Rick Holland, CISO at Digital Shadows, mentioned through electronic mail. “Hardcoded passwords considerably enhance the probability of exploitation, particularly when the passwords turn out to be extensively shared. Should you play soccer, hardcoded passwords are ‘personal objectives.’ Adversaries rating sufficient objectives alone; we needn’t put the ball in our personal web. By no means use hardcoded passwords; take the time to arrange correct authentication and reduce future dangers.”



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments