Questions For Confluence Atlassian Questions For Confluence

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Atlassian Questions For Confluence.

By the Year

In 2025 there have been 0 vulnerabilities in Atlassian Questions For Confluence. Questions For Confluence did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 0 0.00
2023 0 0.00
2022 1 9.80
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 2 6.50

It may take a day or so for new Questions For Confluence vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Atlassian Questions For Confluence Security Vulnerabilities

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password

CVE-2022-26138 9.8 - Critical - July 20, 2022

The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.

Use of Hard-coded Credentials

The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0

CVE-2018-13393 6.5 - Medium - August 15, 2018

The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.

Session Riding

The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0

CVE-2018-13394 6.5 - Medium - August 15, 2018

The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability.

Session Riding

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Atlassian Questions For Confluence or by Atlassian? Click the Watch button to subscribe.

Atlassian
Vendor

subscribe