OrangeScrum 2.0.11 - AWS Credentials Leak
Summary
Name | OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering |
Code name | |
Product | OrangeScrum |
Affected versions | Version 2.0.11 |
State | Public |
Release date | 2023-06-23 |
Vulnerability
Kind | Server Side XSS |
Rule | |
Remote | Yes |
CVSSv3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
CVSSv3.1 Base Score | 6.5 |
Exploit available | Yes |
CVE ID(s) | CVE-2023-1783 |
Description
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.
Vulnerability
This vulnerability occurs because the application does not properly validate the HTML content to be converted to PDF.
Exploitation
Our security policy
We have reserved CVE-2023-1783 to refer to these issues from now on.
System Information
- Version: OrangeScrum 2.0.11
- Operating System: GNU/Linux
Mitigation
There is currently no patch available for this vulnerability.
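The root cause described above is HTML reaching the PDF converter without validation. The following added example, which is not OrangeScrum's or the advisory author's code, shows allowlist-based validation of that HTML in Python before rendering; the tag, attribute and host allowlists, the host `assets.example.com` and all function names are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy for this example; trim it to what exported documents need.
ALLOWED_TAGS = {"p", "b", "i", "br", "ul", "li", "table", "tr", "td", "th", "img"}
VOID_TAGS = {"br", "img"}
ALLOWED_ATTRS = {"alt", "colspan", "rowspan"}
URL_ATTRS = {("img", "src")}
ALLOWED_HOSTS = {"assets.example.com"}  # hypothetical static-asset host
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "noscript"}
SAMPLE = '<p onclick="x()">Q3</p><iframe src="http://internal.invalid/"></iframe>'  # constructed

def url_is_allowed(url):
    if re.search(r"[^\x21-\x7e]|[\\@\[\]]", url):  # chars URL parsers disagree on
        return False
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in ALLOWED_HOSTS

class PdfHtmlSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0  # skip_depth > 0 inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth and tag in ALLOWED_TAGS:
            kept = [(n, v or "") for n, v in attrs if n in ALLOWED_ATTRS
                    or ((tag, n) in URL_ATTRS and url_is_allowed(v or ""))]
            attr_text = "".join(' %s="%s"' % (n, escape(v)) for n, v in kept)
            self.out.append("<%s%s>" % (tag, attr_text))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data))  # text is always re-escaped

def sanitize_for_pdf(markup):
    parser = PdfHtmlSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```

Relative URLs and non-`https` schemes are rejected on purpose, because a server-side renderer may resolve them against local files or internal hosts. An unclosed dropped element discards the rest of the input, so the sanitizer fails closed.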
Credits
The vulnerability was discovered by Carlos Bello from Fluid Attacks' Offensive Team.
References
Vendor page https://github.com/Orangescrum/orangescrum/
Timeline
2023-03-31: Vulnerability discovered.
2023-03-31: Vendor contacted.
2023-03-31: Vendor replied acknowledging the report.
2023-06-23: Public Disclosure.