CNNVD-202601-4691 Information
Jan 28, 2026
cve
CNNVD ID
CNNVD-202601-4691
Related CVE
- CNNVD Published: 2026-01-28
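Description (translated from Chinese)
OpenProject is open-source, web-based project management software from OpenProject. OpenProject versions from 17.0.0 up to, but not including, 17.0.2 contain a data forgery vulnerability. The vulnerability stems from the synchronization server not correctly validating the backend URL, which may lead to access token disclosure.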
Description (English)
OpenProject is open-source, web-based project management software from OpenProject. OpenProject 17.0.0 to 17.0.2 has a data forgery vulnerability that stems from the synchronization server failing to properly validate the backend URL, which could lead to the disclosure of access tokens.
Hazard Level
Medium
Vulnerability Type
Data forgery issue
Affected Vendor
OpenProject
Published
2026-01-28
Last Modified
2026-02-24
References
https://github.com/opf/openproject/security/advisories/GHSA-r854-p5qj-x974
https://access.redhat.com/security/cve/cve-2026-24772
Patch
https://github.com/opf/openproject/releases