Vulnerabilities > Atlassian > Questions FOR Confluence

DATE CVE VULNERABILITY TITLE RISK
2022-07-20 CVE-2022-26138 Use of Hard-coded Credentials vulnerability in Atlassian Questions for Confluence 2.7.34/2.7.35/3.0.2
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password.
network
low complexity
atlassian CWE-798
critical
 9.8
9.8
2018-08-15 CVE-2018-13394 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Questions for Confluence
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
6.5
6.5
2018-08-15 CVE-2018-13393 Cross-Site Request Forgery (CSRF) vulnerability in Atlassian Questions for Confluence
The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.
network
low complexity
atlassian CWE-352
6.5
6.5