Security Advisories
This page outlines the security vulnerabilities that have been identified and resolved in the app.
Key | Summary | T | Created | Updated | Due | Assignee | Reporter | P | Status | Resolution |
---|---|---|---|---|---|---|---|---|---|---|
EXP-3477 | Broken Access Control in Comala Document Mgmt for Scroll Exporters | | 29/Jul/22 11:26 AM | 08/Feb/23 4:15 PM | 29/Jul/22 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-3404 | User without space permissions can export with space-specific templates | | 10/Mar/22 11:30 AM | 08/Feb/23 4:15 PM | 10/Mar/22 | Unassigned | Sync User [K15t] | | Released | Fixed |
EXP-3403 | Unauthorized user can download template data via public REST API | | 10/Mar/22 11:28 AM | 08/Feb/23 4:14 PM | 10/Mar/22 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-3374 | XSS vulnerability in Scroll Exporter user interface | | 08/Dec/21 9:38 AM | 08/Feb/23 4:15 PM | 08/Dec/21 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-3252 | Path traversal vulnerability in REST API | | 27/Apr/21 11:50 AM | 08/Feb/23 4:19 PM | 27/Apr/21 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-3211 | Disclosure of installed Scroll Exporter app details | | 18/Feb/21 11:20 AM | 08/Feb/23 4:14 PM | 18/Feb/21 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-3170 | Disclosure of custom template placeholders | | 08/Dec/20 5:08 PM | 02/Mar/23 5:19 PM | 08/Dec/20 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-3169 | SSRF vulnerability in Scroll Exporter apps | | 08/Dec/20 5:08 PM | 02/Mar/23 5:19 PM | 08/Dec/20 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-3168 | Insufficient permission checks in export template REST API | | 08/Dec/20 5:08 PM | 02/Mar/23 5:19 PM | 08/Dec/20 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-3167 | Potential Denial of Service due to lack of authentication in REST API | | 08/Dec/20 5:08 PM | 02/Mar/23 5:19 PM | 08/Dec/20 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-3056 | XSS vulnerability in font management dialog | | 13/Jul/20 8:20 AM | 08/Feb/23 4:14 PM | 13/Jul/20 | Unassigned | Sync User [K15t] | | Released | Fixed |
EXP-2910 | SSRF vulnerability in PDF engine bundled with Scroll PDF Exporter | | 10/Dec/19 5:47 PM | 08/Feb/23 4:14 PM | 10/Dec/19 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-2847 | Scroll Exporter Security Advisory 2014-11-19 | | 25/Sep/19 1:21 PM | 08/Feb/23 4:14 PM | 25/Sep/19 | Unassigned | Sync User [K15t] | | Released to Server | Fixed |
EXP-2834 | DOM-XSS vulnerability in Scroll PDF Exporter and Scroll Word Exporter 2019-09-16 | | 16/Sep/19 6:18 PM | 08/Feb/23 4:14 PM | 16/Sep/19 | Unassigned | Sync User [K15t] | | Released to Cloud | Fixed |
EXP-2826 | Access token leak in Scroll Exporter apps for Confluence Cloud 2019-09-06 | | 05/Sep/19 3:36 PM | 08/Feb/23 4:15 PM | 06/Sep/19 | Unassigned | Sync User [K15t] | | Released to Cloud | Fixed |
EXP-2802 | XSS vulnerability in template upload mechanism 2019-07-04 | | 24/Jul/19 3:50 PM | 08/Feb/23 4:14 PM | 04/Jul/19 | Unassigned | Sync User [K15t] | | Released | Fixed |
EXP-2779 | Remote code execution vulnerability in Scroll Exporter apps 2019-06-17 | | 24/Jun/19 1:20 PM | 08/Feb/23 4:15 PM | 17/Jun/19 | Unassigned | Jens Rutschmann (K15t) | | Released | Fixed |
EXP-2750 | PDFreactor can be used for SSRF and access to arbitrary files on the server 2019-05-14 | | 16/May/19 1:39 PM | 08/Feb/23 4:14 PM | 14/May/19 | Unassigned | Jens Rutschmann (K15t) | | Released to Server | Fixed |
EXP-2614 | The bundled Scroll Runtime plugin does not check permissions under certain conditions (2018-12-17) | | 17/Dec/18 2:52 PM | 08/Feb/23 4:14 PM | 17/Dec/18 | Unassigned | Jens Rutschmann (K15t) | | Released to Server | Fixed |