Confluence hardcoded password enabling read access by any remote attacker — disabledsystemuser account with hardcoded password. Remove or disable the affected Questions plugin. Audit all content visible to the disabledsystemuser account for sensitive data exposure.
The Confluence Questions app for Confluence Server and Data Center had a hardcoded password (disabledsystemuser) that allowed any remote attacker to log in and view restricted content.
Supernova subscribers receive AI-triaged CVE alerts the moment they're published — before the PoC drops.
Start Supernova — $99/mo →