← back
CVE-2023-0454

CVE-2023-0454

CVSS 8.1 HIGHEPSS 1.0%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.1EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Feb 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected products
n/a · OrangeScrum