Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others "storage.<id>.httpx_access_token" leads to Sensitive Data Exposure
Vulnerability Description
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, repopulated continuously by an hourly cron and every userless-OAuth call site (see Write cadence). None of the three allowed cache backends (file_store, memcache, redis) encrypts at rest. An attacker with read access to the cache backend recovers the Azure-AD application-tier bearer with an anonymous get over the memcached binary protocol (or the equivalent against Redis). This vulnerability is fixed in 17.3.3 and 17.4.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
在文件或磁盘上的明文存储
Vulnerability Title
OPF OpenProject 加密问题漏洞
Vulnerability Description
opf openproject是opf的项目管理软件。 OPF OpenProject 17.3.3之前版本和17.4.0至17.4.1之前版本存在加密问题漏洞,该漏洞源于Storages模块将OneDrive/SharePoint用户免密OAuth访问令牌以明文写入Rails.cache,且缓存后端未加密,可能导致具有缓存后端读取权限的攻击者恢复Azure-AD应用层令牌。
CVSS Information
N/A
Vulnerability Type
N/A