Orangescrum/orangescrum

GitHub

github.com

www.orangescrum.com

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases12

Frequency2 months 1 week

Last Release almost 2 years ago

Stars238

Orangescrum is a simple yet powerful free and open source project management software that helps team to organize their tasks, projects and deliver more.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-1783 ↗	Jun 23, 2023Friday, 23 June 2023, 22:15	6.5 MEDIUM	—
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.
CVE-2023-0738 ↗	Apr 4, 2023Tuesday, 4 April 2023, 23:15	6.1 MEDIUM	—
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.
CVE-2023-0624 ↗	Feb 9, 2023Thursday, 9 February 2023, 16:15	6.1 MEDIUM	—
OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.
CVE-2023-0454 ↗	Feb 1, 2023Wednesday, 1 February 2023, 03:15	8.1 HIGH	—
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path.
CVE-2023-0164 ↗	Jan 18, 2023Wednesday, 18 January 2023, 22:15	8.8 HIGH	—
OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function.