This advisory discloses a security issue of critical severity affecting Scroll PDF Exporter, Scroll Word Exporter, Scroll Exporter Extensions and Scroll Wordpress Publisher and provides a step-by-step guide to help you rectify the issue.
Scroll PDF Exporter
Scroll Word Exporter
Scroll Exporter Extensions
Scroll Wordpress Publisher
We updated these apps to a fixed version on September 4th, 2019.
K15t rates the severity level of this issue as critical, because on Confluence Cloud it can be exploited to access and manipulate any customer data.
This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.
We found a bug in the way external content referenced in HTML is handled during the export. An attacker can exploit this bug to get access to credentials of our Cloud infrastructure. These credentials can be used to retrieve access credentials for authenticating against the REST APIs of customer Confluence instances, either as our Cloud apps or as any user. An attacker can then use these REST APIs to access or manipulate data such as Confluence pages or attachments.
To exploit this issue, an attacker needs access to any Confluence Cloud site, for example one that is owned by the attacker.
We've rated this bug with a CVSS score of 10.0 (Critical).
We updated our Cloud apps so they are no longer vulnerable to this attack.
We informed all affected customers of the vulnerability.
No actions are required from customers as updates occur automatically for Cloud apps.