CVE-2023-0738
Published Apr 4, 2023
Last updated 2 years ago
Overview
- Description
- OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.
- Source
- help@fluidattacks.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:orangescrum:orangescrum:2.0.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "563467F2-799D-404D-89D2-A6B5B6092614"
}
],
"operator": "OR"
}
]
}
]