Forged HTTP requests can be used by unauthenticated Confluence clients to elevate permissions on the Acrolinx Server
| Advisory release date | |
| Products | Scroll Acrolinx Connector |
| Affected versions | All versions before 3.2.1 |
This advisory discloses a security issue of critical severity affecting Scroll Acrolinx Connector for Confluence, and provides a step-by-step guide to help you rectify the issue.
If you have Scroll Acrolinx Connector version 3.2.0 or earlier installed on your Confluence instances you may be affected by this issue. After updating to version 3.2.1, your instance is no longer affected by this security issue.
K15t Software rates the severity level of this issue as critical, as a user without an account on the Acrolinx Server can execute administration commands.
This is our baseline assessment – it's best if you evaluate its applicability to your own IT environment.
An attacker who is not authenticated in Confluence can use the proxy embedded in Scroll Acrolinx Connector to send forged HTTP requests to the Acrolinx server in the context of an arbitrary user. The proxy is used to load the Acrolinx sidebar in the Confluence editor and did not correctly check user authentication.
This vulnerability may be used to execute any operation the impersonated user is allowed to perform on the Acrolinx server, including but not limited to:
- accessing documentation content the user would not normally be able to see in Confluence
- performing administrative operations on the Acrolinx server.
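To make the flaw class concrete, here is an added illustration (not K15t's code, and not the connector's actual implementation): a minimal model of a sidebar proxy that forwards requests to an upstream server on behalf of a Confluence user. The "X-Acrolinx-User" header, the request paths and the user names are constructed for the example; the vulnerable variant trusts a client-supplied identity and never checks for a Confluence session, while the fixed variant refuses anonymous callers and binds the upstream identity to the authenticated session.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Request:
    path: str                                  # path the sidebar wants on the upstream server
    headers: dict = field(default_factory=dict)
    session_user: Optional[str] = None         # set by Confluence once the caller has logged in

class Unauthorized(Exception):
    pass

def recording_upstream(calls: list):
    """Stand-in for the real upstream call: records what would have been sent."""
    def send(path: str, user: str) -> dict:
        calls.append((path, user))
        return {"status": 200, "path": path, "user": user}
    return send

def vulnerable_proxy(req: Request, upstream) -> dict:
    # Modelled flaw: no authentication check, and the user context comes from a
    # client-controlled header (hypothetical name, not the connector's real one).
    user = req.headers.get("X-Acrolinx-User", "anonymous")
    return upstream(req.path, user)

def fixed_proxy(req: Request, upstream) -> dict:
    # Fix 1: refuse callers that have no Confluence session at all.
    if not req.session_user:
        raise Unauthorized("proxy requires an authenticated Confluence user")
    # Fix 2: the upstream identity is the session user; any client-supplied
    # identity header is ignored, so it cannot be used to impersonate others.
    return upstream(req.path, req.session_user)

def demo() -> dict:
    """Runs both variants on constructed requests and reports the identity each
    one forwarded, or whether the fixed proxy refused the call."""
    calls = []
    upstream = recording_upstream(calls)
    forged = Request("/sidebar/status", headers={"X-Acrolinx-User": "admin"})
    result = {"vulnerable_forwarded_as": vulnerable_proxy(forged, upstream)["user"]}
    try:
        fixed_proxy(forged, upstream)
        result["fixed_refused"] = False
    except Unauthorized:
        result["fixed_refused"] = True
    legit = Request("/sidebar/status", headers={"X-Acrolinx-User": "admin"}, session_user="alice")
    result["fixed_forwarded_as"] = fixed_proxy(legit, upstream)["user"]
    return result

if __name__ == "__main__":
    print(demo())
```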
Steps we've taken to fix this issue
We have taken the following steps to address this issue:
- Released the Scroll Acrolinx Connector 3.2.1 update on the Atlassian Marketplace
- Informed all app customers and evaluators who might have been affected
What you need to do to solve this issue on your instance
To follow these steps, you must have the Confluence Administrator global permission.
Update the app to version 3.2.1
Navigate to Confluence Administration > Manage Add-ons and find Scroll Acrolinx Connector. Click on the app > Update.
We are here to support you
We apologize deeply for any inconvenience this issue has caused you. If you would like assistance in correcting it, then we are here to help.
If you have any questions or want support in fixing the issue on your system, please let us know at firstname.lastname@example.org. We are happy to schedule a 1:1 screen-sharing session to help you resolve the issue, should you so desire.