Security Advisory

CVE-2023-0454

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-02-01 00:00:00

Last updated 2025-03-27 14:41:27

Assigner Fluid Attacks

State PUBLISHED

Description

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path.

← Browse all CVEs View on cve.org ↗