The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added the recently disclosed Atlassian security vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2022-26138, involves the use of hard-coded credentials when the Questions for Confluence app is enabled in Confluence Server and Data Center instances.
“Remote unauthenticated attackers can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group,” CISA notes in its advisory.
Depending on the page restrictions and the information a company keeps in Confluence, successful exploitation of the flaw could lead to the disclosure of sensitive information.
While the bug was addressed by Atlassian last week in versions 2.7.38 and 3.0.5 of the app, it has since been actively exploited, cybersecurity firm Rapid7 revealed this week.
Erick Galinkin, principal AI researcher at Rapid7, told The Hacker News: “Exploitation attempts at this time do not appear to be very common, although we expect that to change.”
“The good news is that the vulnerability resides in the Questions for Confluence app and not in Confluence itself, which reduces the attack surface significantly.”
With the vulnerability now added to the catalog, Federal Civilian Executive Branch (FCEB) agencies in the United States are required to apply the patches by August 19, 2022, to reduce their exposure to cyber attacks.
“At this point, the vulnerability has been public for a relatively short period of time,” Galinkin noted. “Along with the absence of meaningful post-exploitation activity, we have not identified any threat actors behind the attacks.”