OpenProject prior to 6.1.6 and 7.x prior to 7.0.3 mishandles session expiry, which allows remote malicious users to perform APIv3 requests indefinitely by leveraging a hijacked session.
Vulnerable Product |
---|
openproject openproject 7.0.0 |
openproject openproject 7.0.2 |
openproject openproject 7.0.1 |
openproject openproject |