Forged HTTP requests can be used by unauthenticated Confluence clients to elevate permissions on the Acrolinx Server

Description

An attacker who is not authenticated in Confluence can use the proxy embedded in the Scroll Acrolinx Connector to send forged HTTP requests to the Acrolinx server in the context of an arbitrary user. The proxy is used to load the Acrolinx sidebar in the Confluence editor and did not correctly check user authentication.

This vulnerability may be used to execute any operation the impersonated user is allowed to perform on the Acrolinx server, including but not limited to:

  • accessing documentation content the user would not normally be able to see in Confluence

  • performing administrative operations on the Acrolinx server
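The following is an added illustration of the flaw class described above, not code from the Scroll Acrolinx Connector: a proxy that forwards requests without checking for an authenticated Confluence session beside a hardened version that rejects anonymous callers and takes the acting user only from the server-side session. The request model and the `X-Proxy-User` header are assumptions for the example.

```python
"""Missing-authentication check in a Confluence-to-upstream proxy (constructed example).

The request shape, header name and user model below are assumptions made for
illustration; they are not the connector's real code or API.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    # Principal from the server-side Confluence session; None for an anonymous client.
    session_user: Optional[str] = None


class Unauthorized(Exception):
    """Raised when the proxy refuses an unauthenticated caller."""


def vulnerable_forward(req: Request) -> dict:
    """Before: forwards unconditionally and lets the client choose the user
    context of the upstream request via a (hypothetical) header."""
    user = req.headers.get("X-Proxy-User", req.session_user)
    return {"path": req.path, "upstream_user": user, "headers": dict(req.headers)}


def hardened_forward(req: Request) -> dict:
    """After: require an authenticated session and derive the acting user only
    from it; client-supplied identity hints are dropped before forwarding."""
    if req.session_user is None:
        raise Unauthorized("proxy requires an authenticated Confluence session")
    forwarded = {k: v for k, v in req.headers.items() if k.lower() != "x-proxy-user"}
    return {"path": req.path, "upstream_user": req.session_user, "headers": forwarded}


def try_forward(req: Request) -> Optional[dict]:
    """Convenience wrapper: the hardened result, or None when the caller is rejected."""
    try:
        return hardened_forward(req)
    except Unauthorized:
        return None
```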

Environment

None

Assignee

Unassigned

Reporter

Tobias Anstett (K15t)

Participants

None

Deployment

None

Priority

Major