Confluence hardcoded password enabling read access by any remote attacker: disabledsystemuser account with hardcoded password.

Remove or disable the affected Questions plugin. Audit all content visible to the disabledsystemuser account for sensitive data exposure.
The Confluence Questions app for Confluence Server and Data Center had a hardcoded password for the disabledsystemuser account, which allowed any remote attacker to log in and view restricted content.