CNNVD-202601-1767 Information
CNNVD ID
CNNVD-202601-1767
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
OpenProject是OpenProject开源的一个基于Web的项目管理软件。 OpenProject 11.2.1版本至16.6.2之前版本存在信息泄露漏洞,该漏洞源于错误页面泄露用户名信息,可能导致账户枚举。
Description (English)
OpenProject is a Web-based project management software from OpenProject Open Source. There was an information leakage loophole before OpenProject Versions 11.2.1 to 16.6.2, which resulted from the leaking of user name information on the wrong page, which could lead to an account count.
Hazard Level
High
Vulnerability Type
信息泄露
Affected Vendor
OpenProject
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/opf/openproject/commit/2cff5e98649e32a197a62659a23dd4b864b7855b https://github.com/opf/openproject/pull/3451 https://github.com/opf/openproject/releases/tag/v16.6.2 https://github.com/opf/openproject/security/advisories/GHSA-q7qp-p3vw-j2fh
Patch
https://github.com/opf/openproject/releases
Share on: