Disclosure of custom export schemes



This advisory discloses a security issue of medium severity affecting specific Scroll Exporter apps, and provides a step-by-step guide to help you rectify the issue.

You may be affected if you have one of these apps installed:

  • Scroll CHM Exporter, version 3.9.14 or earlier

  • Scroll DocBook Exporter, version 3.9.14 or earlier

  • Scroll EclipseHelp Exporter, version 3.9.14 or earlier

  • Scroll EPUB Exporter, version 3.9.14 or earlier

  • Scroll HTML Exporter, version 3.9.14 or earlier

After updating these apps to the following versions or later, your instance is no longer affected by this security issue.

  • Scroll CHM Exporter, version 3.9.15 or later

  • Scroll DocBook Exporter, version 3.9.15 or later

  • Scroll EclipseHelp Exporter, version 3.9.15 or later

  • Scroll EPUB Exporter, version 3.9.15 or later

  • Scroll HTML Exporter, version 3.9.15 or later


K15t rates the severity level of this issue as medium, because it can be exploited by unauthenticated users.

We've rated this bug with a CVSS score of 5.3 (Medium).

This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.

Detailed description

Within the affected Scroll Exporter apps, users can configure export schemes, which combine a custom export template with specifically defined export settings. These export schemes can then be used to export the required content with the desired formatting. Users can enter any custom (and potentially confidential) text into these export schemes.

The export schemes REST endpoint does not perform sufficient permission checks, granting read access even to unauthenticated users.

You may inspect your Confluence instance for the presence of any export schemes by executing the following SQL statement on your database:

The bandanavalue column will contain an XML representation of any present export schemes, including any custom text.

The bandanacontext column will either refer to the space containing the export scheme or contain "_GLOBAL" for any export schemes stored globally.

This vulnerability was identified during a security audit we conducted together with an external contractor. We are not aware of any active exploits of this vulnerability.

Steps we've taken to fix this issue

We have taken the following steps to address this issue:

  • Released updates for all Scroll Exporter apps on the Atlassian Marketplace

What you need to do to solve this issue on your instance

  • A Confluence administrator needs to upgrade any affected Scroll Exporter app versions to a fixed version or later.

We are here to support you

We apologize deeply for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help.

If you have any questions or want support in fixing the issue on your system, please let us know at help@k15t.com. We are happy to schedule a 1:1 screensharing session to help you resolve the issue should you so desire.





