Leading Online Workspace Has a Critical Vulnerability

Cyber. image by pixabay


The US Cybersecurity and Infrastructure Security Agency (CISA) is directing government organizations and private companies to remediate a recently disclosed vulnerability in the widely used online workspace Confluence. It appears that this vulnerability has already been exploited in attacks. Since Confluence is mostly used by companies to manage tasks and oversee team projects, this vulnerability might expose a lot of sensitive information about internal company workings.

According to a report by securityweek.com, this dangerous vulnerability, tracked as CVE-2022-26138, is related to the existence of an account named ‘disabledsystemuser’ in the Questions for Confluence app, which is designed to help admins migrate data from the app to Confluence Cloud. The problem is that this account is created with a hardcoded password and is added to the ‘confluence-users’ group, which by default allows viewing and editing non-restricted pages in Confluence.

What does this mean? The result of this vulnerability is that a remote and unauthenticated attacker can take advantage of the account to log into Confluence and access any page the user group has access to. 
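As an added illustration that is not part of the article and not Atlassian's code: a small defender-side check that scans constructed authentication records for any use of the hard-coded account and classifies the account's exposure from directory facts. The log line format, the helper names and the sample IP addresses are assumptions made for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# CONSTRUCTED sample of authentication events in a simple "ts user ip outcome"
# format. This format is an assumption for the example; real Confluence logs differ.
SAMPLE_LOG = """\
2022-07-21T09:14:02Z admin 10.0.0.5 SUCCESS
2022-07-21T09:15:44Z disabledsystemuser 198.51.100.23 SUCCESS
2022-07-21T09:15:50Z disabledsystemuser 198.51.100.23 SUCCESS
2022-07-21T10:02:11Z jdoe 10.0.0.9 FAILURE
2022-07-22T03:40:07Z disabledsystemuser 203.0.113.77 FAILURE
"""

HARDCODED_ACCOUNT = "disabledsystemuser"   # account name from the advisory
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(SUCCESS|FAILURE)$")

@dataclass
class LoginEvent:
    ts: str
    user: str
    ip: str
    success: bool

def parse_log(text):
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(LoginEvent(m[1], m[2], m[3], m[4] == "SUCCESS"))
    return events

def suspicious_logins(events, account=HARDCODED_ACCOUNT):
    """Successful logins by the hard-coded account: any hit is a compromise indicator."""
    return [e for e in events if e.user == account and e.success]

def attempts_by_ip(events, account=HARDCODED_ACCOUNT):
    """Count attempts (failed or successful) per source IP against the account."""
    return Counter(e.ip for e in events if e.user == account)

def account_exposure(account_exists, account_enabled, groups):
    """Classify exposure from directory facts (simplified; inputs are assumptions)."""
    if not account_exists:
        return "not-present"
    if not account_enabled:
        return "disabled"
    if "confluence-users" in groups:
        return "exposed"
    return "present-no-group"
```

A non-empty result from `suspicious_logins` means the account has been used and the host should be treated as compromised rather than merely patched.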

The developers of Confluence, Atlassian, describe it as “a vulnerability in multiple Atlassian products that allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. Atlassian has not exhaustively enumerated all potential consequences of this vulnerability”. The official Confluence advisory states: “Atlassian rates the severity level of this vulnerability as critical, according to the scale published in Atlassian severity levels.”

Numerous exploitation attempts have already been made, from organized cyber criminals to amateurs – attacks are coming from more than a dozen unique IP addresses every day. Proof-of-concept (PoC) exploits are also being publicly released. As of today, no information is available to the public regarding the identities of the exploiters or what they are trying to achieve.

Due to the severity of the vulnerability, the US Cybersecurity and Infrastructure Security Agency (CISA) has instructed government agencies to address CVE-2022-26138 by August 19th, 2022. 
