CVE-2021-47721

Name of the Vulnerable Software and Affected Versions Orangescrum version 1.8.0

Description An authenticated user can take over other project-assigned accounts by manipulating session cookies, leading to privilege escalation. An attacker can extract a victim's unique ID from the page source and replace their own session cookie to gain unauthorized access.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider regularly rotating session cookies to minimize the risk of exploitation.