Atlassian fixes critical flaws in Confluence, Jira, Bitbucket and other products, update quickly!

Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira Service Management to update their instances as soon as possible.

There is no mention of these vulnerabilities being exploited in the wild, but flaws in Atlassian Confluence are often leveraged by attackers.

CVE-2022-26138 affects the Questions for Confluence app, which is deployed and used by some Confluence Server and Data Center customers.

Because of this, and because uninstalling the app does not automatically remove the disabledsystemuser account, AND because it’s possible the account has been previously created by a version of the app that has been installed and uninstalled, Atlassian urges customers to check whether that active user account is present and to disable or delete it before or after updating to a non-vulnerable version of the app.

“These vulnerabilities affect the code included with each affected product. Systems are still affected even if they do not have any third-party apps installed,” Atlassian added.

“Unfortunately, Atlassian cannot confirm if an instance has been compromised. Please involve the local security team or a specialist security forensics firm for further investigation. Atlassian recommends checking the integrity of the application filesystem, for example, comparison of artifacts in their current state with recent backups to see if there are any unexpected differences. All security compromises are different, and there is a risk that an attacker could hide their footprint and change important files such as depending on the component that has been compromised.”

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Tell us About your Needs
Get an Answer the Same Business Day

Got an urgent request? Call us at 1-877-805-7475 or Book a meeting.

What happens next:

A Vumetric expert will contact you to learn more about your cybersecurity needs and goals.

The project's scope will be defined (Target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is sent to you.

This field is for validation purposes and should be left unchanged.


Everything You Need to Know

Gain confidence in your future cybersecurity assessments by learning to effectively plan, scope and execute projects.


Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g:,, etc.)

This site is registered on as a development site. Switch to a production site key to remove this banner.