CVE-2023-1783

2023-06-2322:15:08

Google

osv.dev

orangescrum

remote attacker

aws credentials

html validation

pdf conversion

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.0%

JSON

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.

CPENameOperatorVersion
orangescrumeqV2.0.10
orangescrumeqV2.0.5
orangescrumeqV2.0.4
orangescrumeqV2.06
orangescrumeqV2.0.8
orangescrumeqV2.0.7
orangescrumeqV2.0.9
orangescrumeqV2.0.1
orangescrumeqV2.0.11
orangescrumeqV2.0.2

Name	Operator	Version
orangescrum	eq	V2.0.10
orangescrum	eq	V2.0.5
orangescrum	eq	V2.0.4
orangescrum	eq	V2.06
orangescrum	eq	V2.0.8
orangescrum	eq	V2.0.7
orangescrum	eq	V2.0.9
orangescrum	eq	V2.0.1
orangescrum	eq	V2.0.11
orangescrum	eq	V2.0.2