CVE-2023-1783

Name of the Vulnerable Software and Affected Versions OrangeScrum version 2.0.11

Description The issue allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.

Recommendations For OrangeScrum version 2.0.11, consider restricting the conversion of HTML content to PDF until a proper validation mechanism is implemented to prevent unauthorized access to AWS instance credentials. As a temporary workaround, limit the access to the PDF conversion feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.