Author: Mayank Deshmukh

Atlassian Confluence: Questions for Confluence App – Hardcoded Credentials (CVE-2022-26138)

Over the last few months, Atlassian Confluence has increasingly been a target for attackers. In June ’22, we saw CVE-2022-26134, a critical-severity OGNL Remote Code Execution vulnerability. Recently, in the last week of July ’22, CVE-2022-26138 was disclosed on social media platforms. In CVE-2022-26138, a Confluence user account is created by the Questions for Confluence app with hardcoded […]

Atlassian Confluence OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134)

On June 02, 2022, Atlassian published a security advisory about a critical-severity unauthenticated Remote Code Execution vulnerability affecting Confluence Server and Data Center. According to the advisory, the vulnerability is being actively exploited, and Confluence Server and Data Center versions after 1.3.0 are affected. The vulnerability is tracked as CVE-2022-26134 with a CVSSv3 score of 9.8, with multiple proof of […]