This page provides an overview of security vulnerabilities that have been identified and resolved.

| Key | Summary | Type | Created | Updated | Status | Resolution |
|---|---|---|---|---|---|---|
| EXP-3477 | Broken Access Control in Comala Document Mgmt for Scroll Exporters | Security Advisory | 29/Jul/22 11:26 AM | 08/Feb/23 4:15 PM | Released to Server | Fixed |
| EXP-3404 | User without space permissions can export with space-specific templates | Security Advisory | 10/Mar/22 11:30 AM | 08/Feb/23 4:15 PM | Released | Fixed |
| EXP-3403 | Unauthorized user can download template data via public REST API | Security Advisory | 10/Mar/22 11:28 AM | 08/Feb/23 4:14 PM | Released to Server | Fixed |
| EXP-3374 | XSS vulnerability in Scroll Exporter user interface | Security Advisory | 08/Dec/21 9:38 AM | 08/Feb/23 4:15 PM | Released to Server | Fixed |
| EXP-3252 | Path traversal vulnerability in REST API | Security Advisory | 27/Apr/21 11:50 AM | 08/Feb/23 4:19 PM | Released to Server | Fixed |
| EXP-3211 | Disclosure of installed Scroll Exporter app details | Security Advisory | 18/Feb/21 11:20 AM | 08/Feb/23 4:14 PM | Released to Server | Fixed |
| EXP-3170 | Disclosure of custom template placeholders | Security Advisory | 08/Dec/20 5:08 PM | 16/May/23 5:11 PM | Released to Server | Fixed |
| EXP-3169 | SSRF vulnerability in Scroll Exporter apps | Security Advisory | 08/Dec/20 5:08 PM | 16/May/23 5:11 PM | Released to Server | Fixed |
| EXP-3168 | Insufficient permission checks in export template REST API | Security Advisory | 08/Dec/20 5:08 PM | 16/May/23 5:11 PM | Released to Server | Fixed |
| EXP-3167 | Potential Denial of Service due to lack of authentication in REST API | Security Advisory | 08/Dec/20 5:08 PM | 16/May/23 5:11 PM | Released to Server | Fixed |
| EXP-2834 | DOM-XSS vulnerability in Scroll PDF Exporter and Scroll Word Exporter 2019-09-16 | Security Advisory | 16/Sep/19 6:18 PM | 08/Feb/23 4:14 PM | Released to Cloud | Fixed |
| EXP-2826 | Access token leak in Scroll Exporter apps for Confluence Cloud 2019-09-06 | Security Advisory | 05/Sep/19 3:36 PM | 08/Feb/23 4:15 PM | Released to Cloud | Fixed |
| EXP-2825 | SSRF vulnerability in Scroll Word Exporter 2019-09-05 | Security Advisory | 05/Sep/19 3:19 PM | 08/Feb/23 4:14 PM | Released | Fixed |
| EXP-2802 | XSS vulnerability in template upload mechanism 2019-07-04 | Security Advisory | 24/Jul/19 3:50 PM | 08/Feb/23 4:14 PM | Released | Fixed |
| EXP-2779 | Remote code execution vulnerability in Scroll Exporter apps 2019-06-17 | Security Advisory | 24/Jun/19 1:20 PM | 08/Feb/23 4:15 PM | Released | Fixed |
| EXP-2614 | The bundled Scroll Runtime plugin does not check permissions under certain conditions (2018-12-17) | Security Advisory | 17/Dec/18 2:52 PM | 08/Feb/23 4:14 PM | Released to Server | Fixed |