
Exploitation of Recent Confluence Vulnerability Underway

July 28, 2022

Questions for Confluence is an application designed to help Confluence users obtain information, share information with others, and seek counsel from experts when necessary.

Tracked as CVE-2022-26138 and considered ‘critical severity’, the issue exists because, when enabled on Confluence Server and Data Center, the Questions for Confluence application creates a user account with a hardcoded password.

The account, which has the username ‘disabledsystemuser’, is also added to the confluence-users group, which allows it to access non-restricted pages within Confluence.

Read More on Security Week