Summary | A critical security vulnerability (CVE-2022-26134) was discovered in Atlassian Confluence. |
---|---|
Advisory Release Date | |
Affected Products | Linchpin Mobile as part of the Linchpin Intranet Suite. |
Affected Versions | All versions of Linchpin Intranet Suite. |
Fixed Versions | We expect this security vulnerability to be fixed by Atlassian soon. |
Problem
Atlassian has been made aware of current active exploitation of a critical-severity unauthenticated remote code execution vulnerability in Confluence Data Center and Confluence Server.
You can view Atlassian's official statement here:
We suspect that the attack can also be performed through Linchpin Mobile (as part of the Linchpin Intranet Suite) under the following conditions:
- The Linchpin Mobile Gateway is enabled
- The attacker has valid Confluence credentials
Linchpin Mobile apps accessing your Confluence without the gateway must be treated like every other computer client in your local network.
Remediation
Disable (not reset) the gateway connection of Linchpin Mobile until the fix for the host product from Atlassian can be deployed.
Impact on other Seibert Media products
Seibert Media apps from the Atlassian Marketplace including all joint venture apps | Other Confluence Server and Confluence Data Center apps; Cloud apps |
---|---|
Linchpin Hey | Not affected. No action is required. |
Shortlink for this page: https://seibert.biz/cve202226134