Critical Vulnerabilities in Multiple Atlassian Products Being Exploited in the Wild

Threat Level – Red | Vulnerability Report
Atlassian has released patches to address a critical security flaw, tracked as CVE-2022-26138, involving the use of hard-coded credentials in the Questions for Confluence app for Confluence Server and Confluence Data Center. Additionally, CVE-2022-26136 has been assigned to authentication bypass and cross-site scripting (XSS) vulnerabilities, and CVE-2022-26137 has been assigned to a cross-origin resource sharing (CORS) bypass vulnerability. Both CVEs impact multiple Atlassian products.
