Description
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.
References
- Exploit, Third Party Advisory
- Product
- Exploit, Third Party Advisory
- Product
Vulnerable configurations
Configuration 1
cpe:2.3:a:orangescrum:orangescrum:2.0.11:*:*:*:*:*:*:*
EPSS
Percentile: 23%
0.00077
Low
6.5 Medium
CVSS3
7.6 High
CVSS3
Weaknesses
CWE-79
CWE-79
Related vulnerabilities
CVSS3: 6.5
github
more than 2 years ago
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.