Atlassian Confluence < 7.4.17 / 7.13.x < 7.13.6 / < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2 (CONFSERVER-79483)

critical Nessus Plugin ID 163327

Synopsis

The remote Atlassian Confluence host is missing a security update.

Description

The version of Atlassian Confluence installed on the remote host is prior to < 7.4.17 / 7.13.x < 7.13.6 / 7.14.x < 7.14.3 / 7.15.x < 7.15.2 / 7.16.x < 7.16.4 / 7.17.x < 7.17.2. It is potentially affected by a hard-coded credential vulnerability if the 'Questions for Confluence' app is installed.

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.(CVE-2022-26138)

Note that Nessus has not tested for this issue but has instead relied only on Confluence's self-reported version number. This plugin will only run in 'Parnoid' scans.

Solution

Upgrade to Atlassian Confluence version 7.4.17, 7.13.6, 7.14.3, 7.15.2, 7.16.4, 7.17.2, 7.13.6, 7.14.3, 7.15.2, 7.16.4, 7.17.2 or later.

See Also

https://jira.atlassian.com/browse/CONFSERVER-79483

Plugin Details

Severity: Critical

ID: 163327

File Name: confluence_confserver-79483.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 7/21/2022

Updated: 12/8/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-26138

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:atlassian:confluence

Required KB Items: installed_sw/confluence, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/8/2022

Vulnerability Publication Date: 7/8/2022

CISA Known Exploited Vulnerability Due Dates: 8/19/2022

Reference Information

CVE: CVE-2022-26138