GCVE - cpe:2.3:a:atlassian:questions_for_confluence:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:atlassian:questions_for_confluence:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Atlassian (`8acde0d4-2b83-5bd8-8d3f-60d59e0b022e`)
Product	Questions For Confluence (`34a36e24-59a0-589e-9d25-f2fc308ead68`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-26138`	vulnerable	2026-06-03 14:46:41.725833	Details available The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app. Published: 2022-07-20T17:25:26.913Z Updated: 2026-01-12T21:22:06.527Z Open on db.gcve.eu Reference links https://jira.atlassian.com/browse/CONFSERVER-79483 https://confluence.atlassian.com/doc/confluence-security-advisory-2022-07-20-1142446709.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-13394`	vulnerable	2026-06-03 14:38:10.520864	Details available The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. Published: 2018-08-15T12:00:00.000Z Updated: 2024-09-16T22:51:01.482Z Open on db.gcve.eu Reference links https://jira.atlassian.com/browse/CONFSERVER-56283 http://www.securityfocus.com/bid/105284	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-13393`	vulnerable	2026-06-03 14:38:10.520456	Details available The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. Published: 2018-08-15T12:00:00.000Z Updated: 2024-09-16T18:23:29.602Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/105155 https://jira.atlassian.com/browse/CONFSERVER-56282	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.