Orangescrum Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in Orangescrum version 1.8.0. This vulnerability allows authenticated users to take over accounts of other users assigned to the same project by manipulating session cookies. Exploitation involves extracting the unique ID of the target user from the page source and replacing the attacker's session cookie with it, thereby gaining unauthorized access to the victim's account.

Impact

Exploitation of this vulnerability allows for unauthorized account access, enabling an attacker to assume the identity and privileges of another user within the application.

Reproduction

To reproduce this vulnerability, an authenticated user must be assigned to the same project as the target account. First, access the dashboard and view the page source to locate the 'uniq_id' of the victim account. Once identified, replace the 'USER_UNIQ' cookie with the victim's unique ID. After refreshing the page, access will be granted to the victim's account.