This advisory discloses a security issue of medium severity affecting all Scroll Exporter apps, and provides a step-by-step guide to help you rectify the issue.
If you have Scroll Runtime version 2.4.6 or earlier installed on your Confluence instances you may be affected by this issue. After updating to Scroll PDF Exporter 4.5.3, Scroll Word Exporter 4.0.4 and other Scroll Exporters to 3.8.5, your instance is no longer affected by this security issue because these app versions include Scroll Runtime 2.4.7.
K15t Software rates the severity level of this issue as medium, because exploiting the bug is limited to authenticated users and read-only operations.
This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.
We found a bug in the Scroll Runtime plugin which is bundled with the following Scroll apps:
- Scroll Viewport
- Scroll Versions
- Scroll Translations
- Scroll Acrolinx Connector
- Scroll PDF Exporter
- Scroll Word Exporter
- Scroll HTML Exporter
- Scroll EPUB Exporter
- Scroll EclipseHelp Exporter
- Scroll Docbook Exporter
- Scroll CHM Exporter
- Scroll Exporter Extensions
- Comala Workflows for Scroll Exporter
This bug enables authenticated users to read page IDs and titles from all spaces, regardless of space permissions and page-level restrictions. Other page information such as content, attachments or comments are NOT affected by this bug.
Anonymous / unauthenticated users were NOT able to exploit the bug, even if access to anonymous users is enabled in Confluence and individual spaces.
We've rated this bug with a CVSS score of 4.3 (Medium).
We released Scroll PDF Exporter 4.5.3, Scroll Word Exporter 4.0.4 and other Scroll Exporters in version 3.8.5 including Scroll Runtime 2.4.7 on Atlassian Marketplace.
A Confluence administrator needs to upgrade Scroll PDF Exporter to 4.5.3, Scroll Word Exporter to 4.0.4 and other Scroll Exporters to version 3.8.5 or later. This will also update Scroll Runtime to version 2.4.7.