CNNVD-202601-1772 Information
CNNVD ID
CNNVD-202601-1772
Related CVE
- CNNVD Published: 2026-01-10
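Description (translated from Chinese)
OpenProject is open-source, web-based project management software from OpenProject. Versions of OpenProject before 16.6.2 contain an information disclosure vulnerability. The vulnerability arises because low-privileged logged-in users can view the full names of other users; an attacker can extract a list of all users' full names by iterating over predictable user IDs.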
Description (English)
OpenProject is open-source, web-based project management software from OpenProject. Versions before 16.6.2 contain an information disclosure vulnerability: low-privileged logged-in users can view the full names of other users, and an attacker can extract the full names of all users by iterating over predictable user IDs.
Hazard Level
Critical
Vulnerability Type
Information disclosure
Affected Vendor
OpenProject
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/opf/openproject/releases/tag/v16.6.2
https://github.com/opf/openproject/pull/21281
https://github.com/opf/openproject/commit/fb39a779f521d9b08f1e0c9e8aff2b6d4643ea37
https://github.com/opf/openproject/security/advisories/GHSA-7fvx-9h6h-g82j
https://access.redhat.com/security/cve/cve-2026-22602
Patch
https://github.com/opf/openproject/releases