Broken Access Control in Scroll Viewport (Server/DC) – security advisory 2022-07-29

Description

This advisory discloses a security issue of medium severity affecting Scroll Viewport for Server and Data Center.

If you have Scroll Viewport version 2.20.1 or earlier installed on your Confluence instances, you may be affected by this issue. After updating to version 2.20.2, your instance is no longer affected by this security issue.

Severity

K15t rates the severity of this issue as medium. It is a Broken Access Control type of vulnerability.

Steps we've taken to fix this issue

We have taken the following steps to address this issue:

  • Released Scroll Viewport 2.20.2 update on Atlassian Marketplace

What you need to do to solve this issue on your instance

A Confluence administrator needs to upgrade Scroll Viewport to these (or later) versions:

Scroll Viewport for Confluence Server and Data Center needs to be updated within the Manage Apps/Add-ons section of your Confluence Server. You can do this either by clicking on Update for Scroll Viewport or by downloading the latest version from the Atlassian Marketplace and manually uploading it to your Confluence Server.

If you use the Comala Document Mgmt for Scroll Exporter integration app to integrate Scroll Viewport with Comala Document Management, that app should also be updated to the latest version 1.0.15.

We are here to support you

We apologize deeply for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help.

If you have any questions or want support in fixing the issue on your system, please let us know at help@k15t.com.

Fixed

Created July 29, 2022 at 9:05 AM
Updated February 8, 2023 at 3:51 PM
Resolved July 29, 2022 at 9:06 AM