Fixed
Details
Assignee
Unassigned
Reporter
Maximilian Hilbert (K15t)
Due date
Aug 14, 2020
Deployment
Cloud
Data Center
Fix versions
Priority
Major
Created August 14, 2020 at 12:22 PM
Updated January 11, 2022 at 6:23 AM
Resolved August 14, 2020 at 12:22 PM
Summary
This advisory discloses a security issue of *medium severity* affecting Scroll Documents, and provides a step-by-step guide to help you rectify the issue. The following apps and versions are affected:
Scroll Documents for Confluence Server, versions 2.1.0 and older
Scroll Documents for Confluence Cloud, versions 2.0.22-AC and older
After updating to the fix versions, your instance is no longer affected by this security issue.
Severity
K15t Software rates the severity level of this issue as medium.
This is our baseline assessment - it's best if you evaluate its applicability to your own IT environment.
Detailed description
Read requests with a malformed JSON body crash the list of read requests in that space and may also crash the reader if it tries to load such a read request for the current document. This can be exploited in ways that include, but are not limited to, the following:
An attacker could deny access to the read request list UI and the reader UI in spaces that they have access to and where they have permission to create read requests.
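The failure class described above, where a single stored record with a malformed JSON body makes the whole list unusable, is sketched below as an added example. It is not K15t's code: the record shape (`id`, `body`), the fields `documentId` and `readers`, and all function names are assumptions made for illustration. It contrasts a fragile listing with validation at write time and per-record isolation at read time.

```javascript
// Added illustration, not Scroll Documents code. Record shape and field names are assumed.

// Constructed sample: stored read requests; the second body is malformed JSON.
const storedReadRequests = [
  { id: 1, body: '{"documentId": "doc-1", "readers": ["alice"]}' },
  { id: 2, body: '{"documentId": "doc-1", "readers": [' },
  { id: 3, body: '{"documentId": "doc-2", "readers": ["bob"]}' },
];

// Fragile pattern: one bad record throws and the whole list fails to load.
function listReadRequestsFragile(records) {
  return records.map((r) => ({ id: r.id, ...JSON.parse(r.body) }));
}

// Parse and shape-check a body; returns null instead of throwing.
function parseReadRequestBody(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch {
    return null;
  }
  const ok =
    parsed !== null &&
    typeof parsed === "object" &&
    !Array.isArray(parsed) &&
    typeof parsed.documentId === "string" &&
    Array.isArray(parsed.readers);
  return ok ? parsed : null;
}

// Write-time check: reject malformed bodies before they are stored.
function acceptReadRequest(body) {
  return parseReadRequestBody(body) !== null;
}

// Read-time isolation: skip bad records and report them, keep the rest usable.
function listReadRequestsTolerant(records) {
  const items = [];
  const rejectedIds = [];
  for (const r of records) {
    const parsed = parseReadRequestBody(r.body);
    if (parsed === null) rejectedIds.push(r.id);
    else items.push({ id: r.id, ...parsed });
  }
  return { items, rejectedIds };
}
```

Returning the rejected ids alongside the usable items lets an administrator find and clean up bad records while the list stays available to everyone else in the space.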
Steps we've taken to fix this issue
We have taken the following steps to address this issue:
Released the *Scroll Documents 2.2.0 (Server) and 2.0.23-AC (Cloud)* update on the Atlassian Marketplace.
Informed all app customers and evaluators through our release notes.
What you need to do to solve this issue on your instance
A Confluence administrator might need to upgrade Scroll Documents to these (or later) versions:
Scroll Documents for Confluence Cloud, version 2.0.23-AC or newer
Scroll Documents for Confluence Server, version 2.2.0 or newer
Scroll Documents for Confluence Cloud will usually be updated automatically in your Confluence Cloud instance by the Atlassian Marketplace. Hence, you only need to double-check if the version in the Manage Apps/Add-ons section is 2.0.23-AC or newer. If this is not the case, you need to manually trigger this update by clicking on Update in the Manage Apps/Add-ons section of your Confluence Cloud instance.
Scroll Documents for Confluence Server needs to be updated within the Manage Apps/Add-ons section of your Confluence Server. You can do this either by clicking on Update for Scroll Documents or by downloading the latest version from the Atlassian Marketplace and manually uploading it to your Confluence Server.
We are here to support you
We apologize deeply for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help.
If you have any questions or want support in fixing the issue on your system, please let us know at support@k15t.com. We are happy to schedule a 1:1 screen sharing session to help you resolve the issue should you so desire.