Confluence Bug Actively Exploited
by Artie Kaye
Confluence, a common program for project management, was patched last week. The information released about the Questions for Confluence app includes a hard-coded password in the program. This creates an account that has access to most information shared, and because the password is hard-coded, it cannot be changed. Since the information about the design flaw was released, the flaw has started to be exploited in the wild. Disabling the Questions app is not enough. Update the program to the latest version to prevent being exploited.
The flaw is listed as CVE-2022-26138.