OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering
CVE-2023-1783

6.5MEDIUM

Key Information:

Vendor

Orangescrum

Status
Orangescrum
Vendor
CVE Published:
23 June 2023

What is CVE-2023-1783?

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Orangescrum Linux 2.0.11

References

https://github.com/Orangescrum/orangescrum/
https://fluidattacks.com/advisories/stirling/

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.