CNNVD-202601-1771 Information
CNNVD ID
CNNVD-202601-1771
Related CVE
- CNNVD Published: 2026-01-10
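Description (translated from Chinese)
OpenProject is an open-source, web-based project management application from OpenProject. Versions of OpenProject before 16.6.2 contain a security vulnerability: the password change endpoint is unprotected and lacks brute-force protection, which can lead to account cracking and privilege escalation.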
Description (English)
OpenProject is web-based, open-source project management software from OpenProject. Versions prior to OpenProject 16.6.2 have a security vulnerability caused by missing brute-force protection on the unprotected password change endpoint, which could lead to account cracking and privilege escalation.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
OpenProject
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/opf/openproject/commit/2b394b9ba5af1e5d96a64d7d452d4d44598a4c7f
https://github.com/opf/openproject/pull/21272
https://github.com/opf/openproject/releases/tag/v16.6.2
https://github.com/opf/openproject/security/advisories/GHSA-93x5-prx9-x239
Patch
https://github.com/opf/openproject/releases