CVE-2022-26138 The Atlassian Questions app creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password.

Upgrading to a newer version of the app with a different bugfix or feature might also create this user account, and it is recommended to create a new Confluence user account when upgrading. However, the app is not installed on all servers, and the server configurations might vary slightly. In these cases, this issue might also occur. This issue does not occur with Confluence Server and Data Center. The app is installed on all versions of Confluence Server and Data Center. Even though this issue does not affect versions below 3.0, we strongly recommend upgrading as soon as possible to avoid any potential security risk. If a new version of the app is installed and the same server is upgraded to a newer version, this issue might occur again. In this case, the app should be uninstalled and reinstalled to avoid the issue.

What is Confluence?

Confluence is a collaborative web application written in Java and developed by Atlassian. It's used for project management, knowledge management, content collaboration and wiki-based websites.

How to enable two-factor authentication

The two-factor authentication feature is enabled by default. To disable two-factor authentication, follow the steps below:
1. Delete the two-factor authentication key that was saved in your account's local settings.
2. Delete the two-factor authentication key from the database.
3. Remove all related entries from your database (confluence_quicksearch_attributes, confluence_userAttributeMap and confluence_userSettings).

How to avoid the issue

Create a new Confluence user account when upgrading to a newer version.

How to avoid the issue?

If your server is running a recent version of the application, upgrading to a newer version might create this issue. If you are unable to upgrade to a newer version of the application, or if you have any questions about this issue, please contact our support team.

This problem is usually caused by an older version of Confluence being installed on a server where a newer version has been applied.
The workaround for this problem is to uninstall and reinstall the application. If you cannot uninstall and reinstall, contact our support team.

Summary:

The Confluence application is installed on all servers and the latest version of the app must be installed. If you install a new version of the app, be sure to uninstall the old one before installing the new version so that this issue does not occur again.
