PT-2026-7126 · Openproject · Openproject

Slashx0X

·

Publicado

2026-02-09

·

Atualizado

2026-02-09

·

CVE-2026-24777

CVSS v3.1

6.7

Média

VetorAV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.0.2
Description OpenProject is a web-based project management software. Users with the 'Manage Users' permission could lock and unlock application administrators, a function intended only for regular users. This occurred due to a missing permission check in the user locking/unlocking logic.
Recommendations Update to version 17.0.2 or later.

Exploit

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2026-24777
GHSA-FQ66-CWG6-QQ69

Produtos afetados

Openproject