When Security for Confluence Data Center is installed, it creates a new user with the username soteri-security. This user is automatically added to the confluence-administrators group so that it can access all Confluence content when scanning.

Removing or otherwise limiting the access of this user will cause the plugin to malfunction.

See Confluence Admin Permissions Levels Explained for more information.

The soteri-security user has no password set, so no external users can log in as this user and gain unauthorized access. Security for Confluence is not vulnerable to issues like CVE-2022-26138.