CNNVD-202601-3023 Information

CNNVD ID

CNNVD-202601-3023

Related CVE

CVE-2026-23721

• CNNVD Published: 2026-01-19

Description (Chinese)

OpenProject是OpenProject开源的一个基于Web的项目管理软件。 OpenProject 17.0.1之前版本和16.6.5之前版本存在安全漏洞，该漏洞源于权限检查失败，可能导致拥有查看成员权限的用户枚举所有群组及其成员。

Description (English)

OpenProject is a Web-based project management software from OpenProject Open Source. There is a security loophole in previous and 16.6.5 versions of OpenProject 17.0.1 which stems from the failure of the permission check and may result in all groups and their members being counted by users with access to members.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

OpenProject

Published

2026-01-19

Last Modified

2026-02-24

References

https://github.com/opf/openproject/security/advisories/GHSA-vj77-wrc2-5h5h https://access.redhat.com/security/cve/cve-2026-23721

Patch

https://github.com/opf/openproject/releases