Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Atlassian Questions for Confluence Hard-Coded Credentials Vulnerability

Vulnerability

A vulnerability exists in the Atlassian Questions for Confluence app, specifically for Confluence Server and Data Center. The app creates a user account named 'disabledsystemuser' in the 'confluence-users' group, using a hard-coded password. This allows remote, unauthenticated attackers who know the password to access Confluence content available to 'confluence-users' group members. The vulnerable versions are 2.7.34, 2.7.35, and 3.0.2.

Impact

Exploitation allows unauthorized access to Confluence, with the ability to view and edit all non-restricted pages, using the 'disabledsystemuser' account.

Remediation

To address this vulnerability, update the Questions for Confluence app to version 2.7.38 or later (for Confluence 6.13.18 through 7.16.2) or version 3.0.5 or later (for Confluence 7.16.3 and later). If the 'disabledsystemuser' account has already been created, it can be disabled or deleted, but be sure to also update or uninstall the app; otherwise the account may be recreated.
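The following Python module is an added example and is not code from this advisory or from Atlassian. It turns the version facts stated in the Vulnerability and Remediation sections above into a check: given an installed app version and Confluence version, it reports whether the app version is one the advisory lists as vulnerable and which fixed version applies. It also scans access-log lines for requests authenticated as the 'disabledsystemuser' account, so an administrator can see whether the account was used before it was disabled. The log lines are constructed sample data, and their column layout (timestamp, client IP, authenticated user, request, status) is an assumption rather than Confluence's actual access-log format.

```python
"""Version assessment and access-log check for the Questions for Confluence
hard-coded credential issue. Added example; version numbers come from the
advisory text, the log format is an assumption and the log lines are constructed."""
import re
from typing import Optional

# App versions the advisory lists as vulnerable.
VULNERABLE_APP_VERSIONS = {"2.7.34", "2.7.35", "3.0.2"}
# Account the vulnerable app creates.
ACCOUNT = "disabledsystemuser"


def parse_version(v: str) -> tuple:
    """'7.16' -> (7, 16, 0): pad to three components so comparisons are consistent."""
    parts = [int(p) for p in v.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def required_fix(confluence_version: str) -> Optional[str]:
    """Minimum fixed app version for this Confluence version, per the advisory.
    Returns None for Confluence releases older than 6.13.18, for which no fix is listed."""
    cv = parse_version(confluence_version)
    if parse_version("6.13.18") <= cv <= parse_version("7.16.2"):
        return "2.7.38"
    if cv >= parse_version("7.16.3"):
        return "3.0.5"
    return None


def assess(app_version: str, confluence_version: str) -> dict:
    """Classify an installation as vulnerable, fixed, no-fix-listed, or review.
    'review' means the app version is not on the vulnerable list but is below
    the fixed version for this Confluence release, so it should be verified manually."""
    fix = required_fix(confluence_version)
    if app_version in VULNERABLE_APP_VERSIONS:
        status = "vulnerable"
    elif fix is None:
        status = "no-fix-listed"
    elif parse_version(app_version) >= parse_version(fix):
        status = "fixed"
    else:
        status = "review"
    return {
        "app_version": app_version,
        "confluence_version": confluence_version,
        "required_fix": fix,
        "status": status,
    }


# Assumed log layout: timestamp, client IP, authenticated user, quoted request, status.
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) "(?P<request>[^"]*)" (?P<status>\d{3})$'
)

# Constructed sample lines (documentation IP ranges, fictional users).
SAMPLE_LOG = """\
2026-05-15T10:12:01Z 203.0.113.7 disabledsystemuser "GET /rest/api/content?limit=100 HTTP/1.1" 200
2026-05-15T10:12:03Z 198.51.100.4 jsmith "GET /pages/viewpage.action?pageId=42 HTTP/1.1" 200
2026-05-15T10:12:09Z 203.0.113.7 disabledsystemuser "GET /rest/api/search?cql=type=page HTTP/1.1" 200
2026-05-15T10:13:00Z 198.51.100.9 - "GET /login.action HTTP/1.1" 200
"""


def account_activity(log_text: str, account: str = ACCOUNT) -> list:
    """Return every parsed request that was authenticated as `account`."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and m.group("user") == account:
            hits.append({
                "ts": m.group("ts"),
                "ip": m.group("ip"),
                "request": m.group("request"),
                "status": int(m.group("status")),
            })
    return hits


if __name__ == "__main__":
    for app, conf in [("2.7.34", "7.13.0"), ("2.7.38", "7.13.0"), ("3.0.2", "7.16.3")]:
        print(assess(app, conf))
    for hit in account_activity(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['request']} -> {hit['status']}")
```

Any hit returned by `account_activity` means the account was used to read content, which is the exposure the Impact section describes; the same account should then be disabled or deleted and the app updated or uninstalled as the remediation states.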

Added: May 15, 2026, 10:12 AM
Updated: May 15, 2026, 10:12 AM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 1.3
exploitability: 9.4
remediation: 7.7
relevance: 0.0
threat: 9.9
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.