Scroll Versions Security Advisory 2016-07-20
This advisory discloses a critical security vulnerability that we have found in Scroll Versions and Scroll Translations. It was fixed in a recent version of these add-ons.
- Customers who have downloaded and installed Scroll Versions AND Scroll Viewport should upgrade their existing Scroll Versions installation to fix this vulnerability.
- Scroll Translations is also affected by this vulnerability when Scroll Viewport is installed.
The vulnerability affects all versions of Scroll Versions from 3.0 up to and including 3.1.2, running on all supported Confluence versions.
K15t Software is committed to product security. We encourage the reporting of vulnerabilities (through our support system or via firstname.lastname@example.org), and we welcome external input to help identify and solve potential problems.
If you have questions or concerns regarding this advisory, please raise a support request at http://support.k15t.com.
Child pages of restricted pages are accessible in spaces where both Scroll Versions and Scroll Viewport are used
K15t Software rates the severity level of this vulnerability as critical, according to the scale published in Severity Levels of Security Issues by Atlassian. The scale allows us to rank the severity as critical, high, moderate or low.
This is an independent assessment and you should evaluate its applicability to your own IT environment.
A critical security problem has been found in the following products:
- Scroll Versions
- Scroll Translations
If a space uses both Scroll Versions and Scroll Viewport OR Scroll Translations and Scroll Viewport, restricted pages could become visible in certain scenarios. There is no workaround available. Confluence administrators must upgrade Scroll Versions and/or Scroll Translations to version 3.1.3.
The vulnerability has been fixed in version 3.1.3. The issue is tracked in VSN-2954.
Unfortunately, there is no temporary workaround. Please update your current Scroll Translations and Scroll Versions add-ons to version 3.1.3 immediately.
This vulnerability can be fixed by upgrading your Scroll Versions and Scroll Translations add-ons. If you have any questions, please raise a support request at http://support.k15t.com. We strongly recommend this upgrade.