
Scroll Versions Security Advisory 2016-07-20

Roman Serazhiev Last update: Jul 19, 2018

This advisory discloses a critical security vulnerability that we found in Scroll Versions and Scroll Translations and that has been fixed in a recent version of these add-ons.

  • Customers who have downloaded and installed Scroll Versions AND Scroll Viewport should upgrade their existing Scroll Versions installation to fix this vulnerability.
  • Scroll Translations is also affected by this vulnerability when Scroll Viewport is installed.

The vulnerability affects all versions of Scroll Versions from 3.0 up to and including 3.1.2, running on all supported Confluence versions.

K15t Software is committed to product security. We encourage the reporting of vulnerabilities (through our support system or via support@k15t.com), and we welcome external input to help identify and solve potential problems.

If you have questions or concerns regarding this advisory, please raise a support request at http://support.k15t.com.

Child pages of restricted pages are accessible in spaces where both Scroll Versions and Scroll Viewport are used

Severity

K15t Software rates the severity level of this vulnerability as critical, according to the scale published in Severity Levels of Security Issues by Atlassian. The scale allows us to rank the severity as critical, high, moderate or low.

This is an independent assessment and you should evaluate its applicability to your own IT environment.

Description

A critical security problem has been found in the following products:

  • Scroll Versions
  • Scroll Translations

If a space uses both Scroll Versions and Scroll Viewport OR Scroll Translations and Scroll Viewport, restricted pages could become visible in certain scenarios. There is no workaround available. Confluence administrators must upgrade Scroll Versions and/or Scroll Translations to version 3.1.3.

The vulnerability has been fixed in version 3.1.3. The issue is tracked in VSN-2954.

Risk Mitigation

Unfortunately, there is no temporary workaround. Please update your current Scroll Translations and Scroll Versions add-ons to version 3.1.3 immediately.

Fix

This vulnerability can be fixed by upgrading your Scroll Versions and Scroll Translations add-ons. We strongly recommend this upgrade. If you have any questions, please raise a support request at http://support.k15t.com.
