Slashx0X

**Name of the Vulnerable Software and Affected Versions** OpenProject versions prior to 17.0.2 **Description** OpenProject is a web-based project management software. Users with the 'Manage Users' permission could lock and unlock application administrators, a function intended only for regular users. This occurred due to a missing permission check in the user locking/unlocking logic. **Recommendations** Update to version 17.0.2 or later.