A security issue was fixed on October, 13th 2021.

Nature of the issue

A security vulnerability was recently identified in Elements Publish to Confluence.
The vulnerability affected version 1.0.7-AC of Elements Publish to Confluence. The vulnerability meant that any user could use the Confluence permissions of the "Publish on behalf" user of a Publish recipe (if the option was activated).

This vulnerability has been rated as high, according to the scale published on the Common Vulnerability Scoring System (CVSS), and existed from August, 23rd 2021 to October, 13th 2021.

The vulnerability was brought to our attention by the Atlassian Marketplace Bug Bounty program

Impact

Based on our investigations, the vulnerability meant that a user could access the Confluence REST API with the same permission as the "On Behalf" user. 

This vulnerability could only be exploited if several optional steps were active at the same time : 

  • the recipe had to have been used at least once
  • the "On Behalf" option had to have been activated
  • the "On Behalf" user had to have full access to Confluence
  • anonymous users had to have been authorized on the JSM portal

If these conditions were satisfied, the exploit was available through several tools, not the Jira interface, and required advanced technical skills. No Jira data or Jira end-users were compromised.

Analysis and actions taken

Once we became aware of the issue, we reproduced and identified the problem's origin: a Path Traversal vulnerability meant that one of our API call could be exploited to reach the Confluence API through the permissions of the "On Behalf" user of a publication recipe. In addition to fixing this access point, the team conducted a full reassessment of the whole API and fortified it even more.

This vulnerability is now fixed.

We've updated the Atlassian Marketplace with an updated listing of our app that is free from this vulnerability.

No further action is required from any user at this point.

Conclusion

We want you to know that we take this issue very seriously. We are conducting a thorough review of our internal processes to ensure this does not occur again for you and our other customers.

If you have any questions, please feel free to raise a support request at support.elements-apps.com.