CVE-2021-47721

HIGH

8.8

Beschreibung

Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account.

CVE Details

CVSS v3.1 Bewertung8.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht12/23/2025

Zuletzt geandert12/31/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

orangescrum:orangescrum

Schwachen (CWE)

CWE-639

Referenzen

https://www.exploit-db.com/exploits/50551(disclosure@vulncheck.com)

https://www.orangescrum.org/(disclosure@vulncheck.com)

https://www.vulncheck.com/advisories/orangescrum-authenticated-privilege-escalation-via-user-session-manipulation(disclosure@vulncheck.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.