CVE-2022-26138

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group. Vendor/Product: Atlassian Confluence. Added to CISA KEV 2022-07-29; required action: Apply updates per vendor instructions.