Response Header Injection vulnerability in sites created by Scroll Viewport for Cloud

Description

This advisory discloses a security issue of medium severity affecting sites created with Scroll Viewport for Confluence Cloud.

Affected Products

Sites created with Scroll Viewport for Confluence Cloud were affected before December 13th, 2022.

Severity

K15t rates the severity level of this issue as medium, because it could have been used to remotely execute code (RCE) using the permissions of the application.

This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.

Detailed description

The vulnerability may have allowed a malicious actor to create crafted URLs that would have injected response headers when a user visits the URL.

We've rated this security issue with a CVSS score of 4.3 (Medium): https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Steps we've taken to fix this issue

We updated our Scroll Viewport for Cloud app on Monday, 12th of December 2022, 5 pm CET, so it is no longer vulnerable to this attack.

What you need to do to solve this issue on your instance

No actions are required from customers as the update occurs automatically for sites 

Environment

None

Fixed

Created December 12, 2022 at 5:51 PM
Updated December 12, 2022 at 5:56 PM
Resolved December 12, 2022 at 5:51 PM