Blind SSRF vulnerability in Scroll Viewport – security advisory (2020-08-25)

Description


Summary

This advisory discloses a security issue of *medium severity* affecting Scroll Viewport, and provides a step-by-step guide to help you rectify the issue.

If you have Scroll Viewport version 2.17.4 or earlier installed on your Confluence instances, you may be affected by this issue. After updating to version 2.17.5, your instance is no longer affected by this security issue.

Severity

K15t Software rates the severity level of this issue as *medium*, because the responses of the forged requests cannot be read by the attacker.

This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.

Detailed description

Scroll Viewport is affected by a Blind SSRF vulnerability that enables an attacker to make the Confluence server send forged GET requests into the internal network.

The attacker cannot read the responses to the forged requests, but can still learn, for example, whether a service exists at a given address.

Any Confluence user who is able to edit pages or add comments to pages is able to perform the Blind SSRF attack.

We've rated this bug with a CVSS score of 5.8 (Medium).
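As an added example (not code from K15t or from Scroll Viewport itself), this is the kind of destination check a server-side fetcher should run before issuing a GET on behalf of page content, so that requests cannot be steered at loopback, private or link-local addresses; the hostnames, addresses and the resolver hook are assumed or constructed for the example:

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Destinations a fetch driven by untrusted page content must never reach:
# loopback, RFC 1918, CGNAT, link-local, multicast, and the IPv6 equivalents
# including IPv4-mapped addresses (which would otherwise bypass the v4 rules).
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10", "::ffff:0:0/96",
)]


def default_resolver(host):
    """Return every address (A and AAAA) the hostname maps to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_blocked_address(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETWORKS)


def check_outbound_url(url, resolver=default_resolver):
    """Return (allowed, reason) for a URL taken from untrusted page content.

    The resolver hook is an assumption of this example so it can run offline.
    A real fetcher should connect to the address that passed this check
    (not re-resolve, which reopens a DNS-rebinding window) and re-run the
    check on every redirect target.
    """
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not allowed: %r" % parsed.scheme
    host = parsed.hostname
    if not host:
        return False, "no host in URL"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, no DNS needed
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, "resolution failed: %s" % exc
    for ip in addrs:
        # Reject if ANY address is internal, so a name that maps to both a
        # public and a private address cannot be used to reach the latter.
        if is_blocked_address(ip):
            return False, "%s resolves to blocked address %s" % (host, ip)
    return True, "ok"
```

Because the issue is blind, the fetcher should also return the same error to the page author whether a destination was rejected, unreachable or refused, so that the check itself does not become the probe.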

Steps we've taken to fix this issue

We have taken the following steps to address this issue:

  • Released the Scroll Viewport 2.17.5 update on the Atlassian Marketplace

What you need to do to solve this issue on your instance

A Confluence administrator needs to upgrade Scroll Viewport to version 2.17.5 or later.

We are here to support you

We apologize deeply for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help.

In case you have any questions or want support in fixing the issue on your system, please let us know at support@k15t.com. We are happy to schedule a 1:1 screen-sharing session to help you resolve the issue, should you so desire.

Fixed
Reporter

Sync User [K15t]
Deployment

Server