Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Orangescrum 1.8.0 Authenticated Privilege Escalation via User Session Manipulation
Vulnerability Description
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
OrangeScrum 安全漏洞
Vulnerability Description
OrangeScrum是美国OrangeScrum公司的一款简单但功能强大的免费开源项目管理软件。 OrangeScrum 1.8.0版本存在安全漏洞,该漏洞源于会话cookie处理不当,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A