Denial of Service vulnerability in bundled Tika library
This advisory discloses a security issue of medium severity affecting several Scroll Exporter apps, and provides a step-by-step guide to help you rectify the issue.
You may be affected if you have one of these apps installed:
Scroll CHM Exporter, version 3.9.15 or earlier
Scroll DocBook Exporter, version 3.9.15 or earlier
Scroll EclipseHelp Exporter, version 3.9.15 or earlier
Scroll EPUB Exporter, version 3.9.15 or earlier
Scroll HTML Exporter, version 3.9.15 or earlier
After updating these apps to the following versions or later, your instance is no longer affected by this security issue.
Scroll CHM Exporter, version 3.9.16 or later
Scroll DocBook Exporter, version 3.9.16 or later
Scroll EclipseHelp Exporter, version 3.9.16 or later
Scroll EPUB Exporter, version 3.9.16 or later
Scroll HTML Exporter, version 3.9.16 or later
K15t rates the severity level of this issue as medium, because it can potentially be used to perform a denial of service attack against your Confluence instance.
We've rated this bug with a CVSS score of 6.5 (Medium).
This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.
The affected exporters bundle a programming library (Apache Tika) that contains this vulnerability (CVE-2021-28657). It might be possible to exploit this by injecting a forged image into the Confluence content so that it triggers the vulnerability while an export is performed. This might cause the export to get stuck, blocking the export thread and resulting in a denial of service if repeated often enough. Restarting Confluence makes the blocked threads available again until the attack is repeated.
We have not found a way to exploit this with Confluence itself, but it might be possible in instances with third-party apps that output images.
We identified this vulnerability following the publication of CVE-2021-28657. We are not aware of any active exploits.
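One way to check whether export threads are blocked inside Tika as described above is to compare two JVM thread dumps taken a few minutes apart and flag threads that are RUNNABLE in the same Tika call in both. This is an added example, not K15t or Atlassian code; the thread names, the com.example frames and both sample dumps are constructed, and org.apache.tika is Tika's Java package.

```python
import re

# Constructed dumps a few minutes apart; thread names and com.example frames are made up.
DUMP_1 = '''
"export-worker-1" #71 daemon prio=5 os_prio=0 tid=0x01 nid=0x1a2b runnable [0x10]
   java.lang.Thread.State: RUNNABLE
    at java.io.FilterInputStream.read(FilterInputStream.java:133)
    at org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:143)
    at com.example.exporter.ExportJob.run(ExportJob.java:88)
"export-worker-2" #72 daemon prio=5 os_prio=0 tid=0x02 nid=0x1a2c runnable [0x20]
   java.lang.Thread.State: RUNNABLE
    at org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:143)
'''
DUMP_2 = '''
"export-worker-1" #71 daemon prio=5 os_prio=0 tid=0x01 nid=0x1a2b runnable [0x10]
   java.lang.Thread.State: RUNNABLE
    at java.io.BufferedInputStream.read(BufferedInputStream.java:345)
    at org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:143)
    at com.example.exporter.ExportJob.run(ExportJob.java:88)
"export-worker-2" #72 daemon prio=5 os_prio=0 tid=0x02 nid=0x1a2c waiting on condition [0x20]
   java.lang.Thread.State: WAITING (parking)
    at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
'''

HEADER = re.compile(r'^"([^"]+)".*\bnid=(0x[0-9a-f]+)')
FRAME = re.compile(r'^\s+at ([\w.$<>]+)\(')

def parse_dump(text):
    """Map native thread id -> {'name', 'state', 'frames'} (innermost frame first)."""
    threads, cur = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = threads[m[2]] = {"name": m[1], "state": "", "frames": []}
        elif cur and "java.lang.Thread.State:" in line:
            cur["state"] = line.split(":", 1)[1].split()[0]
        elif cur and (m := FRAME.match(line)):
            cur["frames"].append(m[1])
    return threads

def tika_call(t, pkg="org.apache.tika."):
    """Outermost Tika frame plus its callers; None if not RUNNABLE inside Tika."""
    idx = [i for i, f in enumerate(t["frames"]) if f.startswith(pkg)]
    return t["frames"][idx[-1]:] if idx and t["state"] == "RUNNABLE" else None

def stuck_in_tika(dump_a, dump_b):
    """Names of threads sitting in the same Tika call in both dumps."""
    a, b = parse_dump(dump_a), parse_dump(dump_b)
    return sorted(t["name"] for nid, t in a.items()
                  if nid in b and tika_call(t) and tika_call(t) == tika_call(b[nid]))
```

A thread that keeps appearing in the result across several consecutive dumps is a candidate for the stuck export described above; a single match can also be a large but legitimate export. Frames above the outermost Tika frame are ignored on purpose, because a looping parser shows different inner frames from one dump to the next.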
Steps we've taken to fix this issue
We have taken the following steps to address this issue:
Released updates for all affected Scroll Exporter apps on the Atlassian Marketplace
What you need to do to solve this issue on your instance
A Confluence administrator needs to upgrade any affected Scroll Exporter app versions to a fixed version or later.
We are here to support you
We apologize deeply for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help.
If you have any questions or want support in fixing the issue on your system, please let us know at firstname.lastname@example.org. We are happy to schedule a 1:1 screen-sharing session to help you resolve the issue should you so desire.