SummaryA critical security vulnerability (CVE-2022-26134) was discovered in Atlassian Confluence.
Advisory Release Date

 

Affected Products

Linchpin Mobile as part of the Linchpin Intranet Suite.

Affected Versions

All versions of Linchpin Intranet Suite.

Fixed Versions

We expect this security vulnerability to be fixed by Atlassian soon.

Problem

Atlassian has been made aware of a current active exploitation of an unauthenticated remote code execution vulnerability of critical severity in Confluence Data Center and Confluence Server.

You can view Atlassian's official statement here:


We suspect that the attack can also be performed through Linchpin Mobile (as part of the Linchpin Intranet Suite) under the following conditions:

Linchpin Mobile apps accessing your Confluence without the gateway must be treated like every other computer client in your local network.

Remediation

Disable (not reset) the gateway connection of Linchpin Mobile until the fix for the host product from Atlassian can be deployed.

Impact on other Seibert Media products

Seibert Media apps from the Atlassian Marketplace including all joint venture apps

Other Confluence Server and Confluence Data Center apps

  • Not affected. No action is required.

Cloud apps

  • Not affected. No action is required.
Linchpin Hey

Not affected. No action is required.


Shortlink for this page: https://seibert.biz/cve202226134

  • No labels

This content was last updated on 06/03/2022.

This content hasn't been updated in a while. That doesn't have to be a problem. Some of our pages live for years without becoming obsolete. Please click this link if you want us to update this page. Old content can be incorrect, misleading or outdated. Please get in contact with us via a form on this page, our live chat or via email with content@seibert.group if you are in doubt, have a question, suggestion, or want changes from us.