CVE-2021-47721
Privilege Escalation in Orangescrum 1.8.0 via Session Cookie Manipulation
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| orangescrum | orangescrum | 1.8.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47721 is a privilege escalation vulnerability in Orangescrum version 1.8.0 that allows authenticated users to hijack other users' project-assigned accounts by manipulating session cookies. An attacker can extract a victim's unique user ID from the page source and replace their own session cookie with this ID, gaining unauthorized access to the victim's account. This bypasses authorization controls within the platform. [1, 2]
How can this vulnerability impact me?
This vulnerability can lead to unauthorized account takeover within the Orangescrum platform, allowing an attacker to access and potentially manipulate another user's project data and actions. Exploitation requires that the attacker be assigned to the same project as the victim; it then enables privilege escalation and unauthorized access to sensitive project information, which can compromise the confidentiality, integrity, and availability of project resources. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the 'USER_UNIQ' cookie and verifying if it can be manipulated to another user's 'uniq_id' extracted from the page source. Specifically, you can:

1. Access the dashboard of Orangescrum 1.8.0.
2. View the page source and look for the JavaScript variable 'var PUSERS' which contains user unique IDs.
3. Check if the 'USER_UNIQ' cookie can be modified to one of these IDs.

Commands to assist detection could include using browser developer tools or curl to fetch the page source and inspect cookies, for example `curl -i -b "USER_UNIQ=<value>" https://<orangescrum-url>/dashboard` to test cookie manipulation. Monitoring for unusual session cookie changes or multiple sessions using the same 'USER_UNIQ' value may also help detect exploitation attempts. [2]
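
The monitoring idea above (a 'USER_UNIQ' value that changes inside one session, or one value presented by several sessions), as an added example that is not part of the original page or of Orangescrum. It assumes an access log that records the Cookie header in the constructed format shown; `SESSID` is a hypothetical name for the server-side session cookie.

```python
import re
from collections import defaultdict

# Constructed sample lines. Assumed format: timestamp, client IP, request, Cookie header.
# SESSID is a stand-in name for the session cookie (assumption, not from the page).
SAMPLE_LOG = """\
2025-12-23T10:00:01Z 10.0.0.5 "GET /dashboard" "SESSID=aaa111; USER_UNIQ=u-alice"
2025-12-23T10:00:09Z 10.0.0.7 "GET /dashboard" "SESSID=bbb222; USER_UNIQ=u-bob"
2025-12-23T10:03:30Z 10.0.0.7 "GET /dashboard" "SESSID=bbb222; USER_UNIQ=u-alice"
2025-12-23T10:04:02Z 10.0.0.9 "GET /projects" "SESSID=ccc333; USER_UNIQ=u-carol"
2025-12-23T10:05:00Z 10.0.0.9 "GET /dashboard" "SESSID=ccc333; USER_UNIQ=u-carol"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" "([^"]*)"$')

def parse_cookies(header):
    """Split a Cookie header into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def analyze(log_text, session_cookie="SESSID", id_cookie="USER_UNIQ"):
    """Return (sessions whose USER_UNIQ changed, USER_UNIQ values shared by sessions)."""
    ids_by_session = defaultdict(list)  # session -> distinct USER_UNIQ values, in order seen
    sessions_by_id = defaultdict(set)   # USER_UNIQ -> sessions that presented it
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        cookies = parse_cookies(m.group(4))
        sid, uid = cookies.get(session_cookie), cookies.get(id_cookie)
        if sid is None or uid is None:
            continue
        if uid not in ids_by_session[sid]:
            ids_by_session[sid].append(uid)
        sessions_by_id[uid].add(sid)
    changed = {s: v for s, v in ids_by_session.items() if len(v) > 1}
    shared = {u: sorted(s) for u, s in sessions_by_id.items() if len(s) > 1}
    return changed, shared

if __name__ == "__main__":
    changed, shared = analyze(SAMPLE_LOG)
    print("sessions whose USER_UNIQ changed:", changed)
    print("USER_UNIQ values seen in several sessions:", shared)
```

A user who is legitimately logged in on two devices also appears in the second result, so the value change inside a single session is the stronger signal for triage.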
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:

1. Restrict authenticated users from manipulating session cookies by implementing server-side validation of session tokens.
2. Avoid exposing user unique IDs in the page source or client-side scripts.
3. Apply patches or updates provided by Orangescrum to fix the authorization bypass issue.
4. Monitor user sessions for suspicious activity such as cookie tampering or unexpected account access.
5. Limit project membership to trusted users to reduce the attack surface since exploitation requires shared project assignment.

[1, 2]