An attacker not authenticated in Confluence can use the proxy embedded in Scroll Acrolinx Connector to send forged HTTP requests in the context of an arbitrary user to the Acrolinx server. The proxy is used for loading the Acrolinx sidebar in the Confluence editor and was not correctly checking user authentication.
This vulnerability may be used to execute any operation the impersonated user is allowed to perform on the Acrolinx server, including but not limited to:
- accessing documentation content the user would not normally be able to see in Confluence
- performing administrative operations on the Acrolinx server
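
The check whose absence is described above, as an added example that is not the connector's code: a proxy must reject anonymous callers before contacting the backend, and must take the identity it forwards only from the server-side session. The advisory does not describe the connector's internals, so the header name `x-example-user`, the `/sidebar` path and every type and function name here are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical: assumed header in which the proxy names the acting user
# to the backend. The advisory does not say how identity is conveyed.
IDENTITY_HEADER = "x-example-user"


@dataclass
class ProxyRequest:
    path: str
    headers: dict
    # Filled in by the host application's login layer, never by the client.
    # None means the caller is anonymous.
    session_user: Optional[str]


class Rejected(Exception):
    """Raised before any upstream call is made."""

    def __init__(self, status: int, reason: str):
        super().__init__(reason)
        self.status = status


def build_upstream_headers(req: ProxyRequest) -> dict:
    """Return the headers to forward to the backend, or raise Rejected."""
    # 1. Authenticate first: an anonymous caller never reaches the backend.
    if not req.session_user:
        raise Rejected(401, "authentication required")
    # 2. Drop any identity the client tried to assert (header names are
    #    case-insensitive, so compare in lower case).
    forwarded = {k: v for k, v in req.headers.items()
                 if k.lower() != IDENTITY_HEADER}
    # 3. The forwarded identity comes only from the server-side session.
    forwarded[IDENTITY_HEADER] = req.session_user
    return forwarded


if __name__ == "__main__":
    # Constructed sample: logged-in user "alice" sends a spoofed identity header.
    req = ProxyRequest("/sidebar", {"X-Example-User": "admin"}, "alice")
    print(build_upstream_headers(req))
```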