|A critical security vulnerability (CVE-2022-26134) was discovered in Atlassian Confluence.
|Advisory Release Date
Linchpin Mobile as part of the Linchpin Intranet Suite.
All versions of Linchpin Intranet Suite.
We expect this security vulnerability to be fixed by Atlassian soon.
Atlassian has been made aware of a current active exploitation of an unauthenticated remote code execution vulnerability of critical severity in Confluence Data Center and Confluence Server.
You can view Atlassian's official statement here:
We suspect that the attack can also be performed through Linchpin Mobile (as part of the Linchpin Intranet Suite) under the following conditions:
- The Linchpin Mobile Gateway is enabled
- The attacker has valid Confluence credentials
Linchpin Mobile apps accessing your Confluence without the gateway must be treated like every other computer client in your local network.
Disable (not reset) the gateway connection of Linchpin Mobile until the fix for the host product from Atlassian can be deployed.
Impact on other Seibert Media products
|Seibert Media apps from the Atlassian Marketplace including all joint venture apps
Other Confluence Server and Confluence Data Center apps
Not affected. No action is required.
Shortlink for this page: https://seibert.biz/cve202226134