Atlassian discloses critical bugs – Security

Jake Guinan July 21, 2022

Atlassian’s popular Confluence server and data centre products have been patched to remove a hardcoded credentials bug the company rates as of critical severity.

As the company explains in its advisory, the bug (CVE-2022-26138) exists if the user has enabled the Questions for Confluence app.

When enabled, Questions for Confluence creates a user account called ‘disabledsystemuser’, to help admins migrating data from the app to Confluence Cloud.

That account, part of the confluence-users group, has a hardcoded password, allowing a remote, unauthenticated attacker to log into Confluence and access any pages available to the confluence-users group.

The company said that “the hardcoded password is trivial to obtain after downloading and reviewing affected versions of the app.”

The account could exist because Questions for Confluence has been previously enabled, even if it’s not currently active. 

Admins should check whether their Confluence server or data centre instance has a ‘disabledsystemuser’ account with the email address ‘[email protected]’.

A separate advisory covers two bugs, CVE-2022-26136 and CVE-2022-26137, which affects a range of products.

These include the server and data centre versions of Bamboo, Bitbucket, Confluence, Crowd, Jira and Jira Service Management, as well as the company’s Fisheye and Crucible software.

Atlassian Cloud sites are not affected, the company noted.

The bugs affect servlet filters, Java code that inspects and processes incoming HTTP requests. 

“Some servlet filters provide security mechanisms such as logging, auditing, authentication, or authorization,” the advisory states.

In CVE-2022-26136, “a remote, unauthenticated attacker [can] bypass servlet filters used by first and third party apps.”

Possible exploits, Atlassian said, include authentication bypass and cross-site scripting attacks.

In CVE-2022-26137, the attacker can “cause additional servlet filters to be invoked when the application processes requests or responses”, opening a system to a cross-origin resource sharing bypass.

This is exploitable by tricking a user into requesting a malicious URL, giving a remote, unauthenticated attacker access to the vulnerable application with the victim’s permissions.

Tags: , , , ,

More Stories

Helpful Information Technology Training Courses

Jake Guinan April 10, 2024 0

Overview Of Information Technology (Part I)

Jake Guinan April 10, 2024 0

IT and Development of Its Various Aspects

Jake Guinan April 1, 2024 0

You may have missed

What Is Cloud Based Service and Which Cloud Service Is Best?

Jake Guinan April 19, 2024 0

Know About Claims Processing Software

Jake Guinan April 18, 2024 0

Software Development Companies – Discussing Their Roles and Areas of Business

Jake Guinan April 18, 2024 0

Oracle Exam 1Z0-147 Is Being Retired: What Does That Mean to Me?

Jake Guinan April 16, 2024 0

How Has Technology Changed Our Lives?

Jake Guinan April 15, 2024 0