CVE-2021-47721
Unknown Unknown - Not Provided

Privilege Escalation in Orangescrum 1.8.0 via Session Cookie Manipulation

Vulnerability report for CVE-2021-47721, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: VulnCheck

Description

Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-07-06
AI Q&A
2025-12-23
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
orangescrum orangescrum 1.8.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2021-47721 is a privilege escalation vulnerability in Orangescrum version 1.8.0 that allows authenticated users to hijack other users' project-assigned accounts by manipulating session cookies. An attacker can extract a victim's unique user ID from the page source and replace their own session cookie with this ID, gaining unauthorized access to the victim's account. This bypasses authorization controls within the platform. [1, 2]

Impact Analysis

This vulnerability can lead to unauthorized account takeover within the Orangescrum platform, allowing an attacker to access and potentially manipulate another user's project data and actions. Since the attacker must be assigned to the same project as the victim, it enables privilege escalation and unauthorized access to sensitive project information, which can compromise confidentiality, integrity, and availability of project resources. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for the presence of the 'USER_UNIQ' cookie and verifying if it can be manipulated to another user's 'uniq_id' extracted from the page source. Specifically, you can: 1. Access the dashboard of Orangescrum 1.8.0. 2. View the page source and look for the JavaScript variable 'var PUSERS' which contains user unique IDs. 3. Check if the 'USER_UNIQ' cookie can be modified to one of these IDs. Commands to assist detection could include using browser developer tools or curl to fetch the page source and inspect cookies, for example: curl -i -b "USER_UNIQ=<value>" https://<orangescrum-url>/dashboard to test cookie manipulation. Monitoring for unusual session cookie changes or multiple sessions using the same 'USER_UNIQ' value may also help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include: 1. Restrict authenticated users from manipulating session cookies by implementing server-side validation of session tokens. 2. Avoid exposing user unique IDs in the page source or client-side scripts. 3. Apply patches or updates provided by Orangescrum to fix the authorization bypass issue. 4. Monitor user sessions for suspicious activity such as cookie tampering or unexpected account access. 5. Limit project membership to trusted users to reduce the attack surface since exploitation requires shared project assignment. [1, 2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47721. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart