Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenProject 安全漏洞
Vulnerability Description
OpenProject是一套开源的基于Web的项目管理软件。该软件具有项目规划、任务管理、错误跟踪和成本预算等功能。 OpenProject 6.1.6之前的版本和7.0.3之前的7.x版本中存在安全漏洞,该漏洞源于程序没有正确的处理会话失效。远程攻击者可利用该漏洞执行APIv3请求。
CVSS Information
N/A
Vulnerability Type
N/A