Unrated severityNVD Advisory· Published Jun 23, 2023· Updated Nov 27, 2024

OrangeScrum 2.0.11 - AWS Credentials Leak via PDF Rendering

CVE-2023-1783

Description

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.

Affected products

Orangescrum/Orangescrumv5
Range: 2.0.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fluidattacks.com/advisories/stirling/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000