PT-2017-12160 · Openproject · Openproject

Published

2017-07-26

·

Updated

2019-10-03

·

CVE-2017-11667

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

OpenProject versions prior to 6.1.6
OpenProject versions 7.x prior to 7.0.3

Description

OpenProject mishandles session expiry: a session that should have expired remains usable for API requests, so a remote attacker who has hijacked a session can keep issuing API requests with it indefinitely instead of being cut off when the session times out.

Recommendations

For versions prior to 6.1.6, update to version 6.1.6 or later. For versions 7.x prior to 7.0.3, update to version 7.0.3 or later. Upgrading does not by itself revoke a session identifier an attacker already holds, so terminate existing sessions after the update.
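The kind of expiry check the advisory is about, as an added illustration in Ruby (OpenProject is a Rails application); this is not OpenProject's code and does not reproduce the actual defect. The Session struct, the timeout values, the function names and the simulated hijack are all assumptions made for the example. It contrasts a weak validator that skips the expiry check on the API path with one that applies an idle timeout and an absolute lifetime on every request, and counts how many hourly requests a hijacked session survives under each.

```ruby
require 'time'

# Constructed illustration, not OpenProject code: a server-side session record
# with creation and last-activity timestamps. Field names are assumptions.
Session = Struct.new(:id, :user_id, :created_at, :last_active_at)

IDLE_TIMEOUT      = 2 * 60 * 60   # seconds of inactivity tolerated (assumed value)
ABSOLUTE_LIFETIME = 24 * 60 * 60  # hard cap regardless of activity (assumed value)

# Weak variant: API requests bypass the expiry check entirely, so a hijacked
# session id keeps working for as long as the attacker keeps using it.
def session_valid_weak?(session, now:, api_request:)
  return false if session.nil?
  return true if api_request          # no expiry check on the API path
  now - session.last_active_at <= IDLE_TIMEOUT
end

# Hardened variant: one rule for every request path. A session dies after
# IDLE_TIMEOUT without activity and, no matter how active it is, after
# ABSOLUTE_LIFETIME since it was created.
def session_valid?(session, now:)
  return false if session.nil?
  return false if now - session.created_at > ABSOLUTE_LIFETIME
  return false if now - session.last_active_at > IDLE_TIMEOUT
  true
end

# Look up the session, reject and delete it if expired, otherwise record the
# activity. The touch happens only after validation so that the request which
# finds a session expired can never revive it. Returns the user id or nil.
def authenticate(store, session_id, now:)
  session = store[session_id]
  unless session_valid?(session, now: now)
    store.delete(session_id)
    return nil
  end
  session.last_active_at = now
  session.user_id
end

# Simulated hijack (constructed scenario): the attacker obtains a fresh session
# id at t0 and replays it once an hour for `hours` hours against both
# validators. Returns how many requests each variant accepted.
def simulate_hijack(hours: 48, api_request: true)
  t0 = Time.utc(2017, 7, 26, 0, 0, 0)
  weak_store = { 'sid' => Session.new('sid', 42, t0, t0) }
  hard_store = { 'sid' => Session.new('sid', 42, t0, t0) }
  weak_ok = 0
  hard_ok = 0
  (1..hours).each do |h|
    now = t0 + h * 3600
    weak_session = weak_store['sid']
    if session_valid_weak?(weak_session, now: now, api_request: api_request)
      weak_session.last_active_at = now
      weak_ok += 1
    end
    hard_ok += 1 if authenticate(hard_store, 'sid', now: now)
  end
  { weak: weak_ok, hardened: hard_ok }
end

if __FILE__ == $PROGRAM_NAME
  result = simulate_hijack
  puts "weak validator accepted #{result[:weak]} of 48 hourly API requests"
  puts "hardened validator accepted #{result[:hardened]} of 48 (cut off by absolute lifetime)"
end
```

The design point is that expiry is enforced centrally, before any request is served, rather than being left to individual controllers or skipped for non-browser clients; the absolute lifetime bounds the damage even when the attacker keeps the session active.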

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

CVE-2017-11667

Affected Products

Openproject