CVE-2021-47721
Unknown Unknown - Not Provided
Privilege Escalation in Orangescrum 1.8.0 via Session Cookie Manipulation

Publication date: 2025-12-23

Last updated on: 2025-12-23

Assigner: VulnCheck

Description
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-23
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-14
NVD
CVE-2021-47721
EUVD
EUVD-2025-204841
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
orangescrum orangescrum 1.8.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2021-47721 is a privilege escalation vulnerability in Orangescrum version 1.8.0 that allows authenticated users to hijack other users' project-assigned accounts by manipulating session cookies. An attacker can extract a victim's unique user ID from the page source and replace their own session cookie with this ID, gaining unauthorized access to the victim's account. This bypasses authorization controls within the platform. [1, 2]

Impact Analysis

This vulnerability can lead to unauthorized account takeover within the Orangescrum platform, allowing an attacker to access and potentially manipulate another user's project data and actions. Since the attacker must be assigned to the same project as the victim, it enables privilege escalation and unauthorized access to sensitive project information, which can compromise confidentiality, integrity, and availability of project resources. [1, 2]

Detection Guidance

This vulnerability can be detected by checking for the presence of the 'USER_UNIQ' cookie and verifying if it can be manipulated to another user's 'uniq_id' extracted from the page source. Specifically, you can: 1. Access the dashboard of Orangescrum 1.8.0. 2. View the page source and look for the JavaScript variable 'var PUSERS' which contains user unique IDs. 3. Check if the 'USER_UNIQ' cookie can be modified to one of these IDs. Commands to assist detection could include using browser developer tools or curl to fetch the page source and inspect cookies, for example: curl -i -b "USER_UNIQ=<value>" https://<orangescrum-url>/dashboard to test cookie manipulation. Monitoring for unusual session cookie changes or multiple sessions using the same 'USER_UNIQ' value may also help detect exploitation attempts. [2]

Mitigation Strategies

Immediate mitigation steps include: 1. Restrict authenticated users from manipulating session cookies by implementing server-side validation of session tokens. 2. Avoid exposing user unique IDs in the page source or client-side scripts. 3. Apply patches or updates provided by Orangescrum to fix the authorization bypass issue. 4. Monitor user sessions for suspicious activity such as cookie tampering or unexpected account access. 5. Limit project membership to trusted users to reduce the attack surface since exploitation requires shared project assignment. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2021-47721. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart