CVE-2026-24777

Medium CVSS: 6.7

OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrators. Due to a missing permission check this logic was not enforced. The problem was fixed in OpenProject 17.0.2The problem was fixed in OpenProject 17.0.2.

Vendor

Openproject

Product

Openproject

CWE

CWE-862

Yayın Tarihi

2026-02-09 19:15:50

Güncelleme

2026-02-11 18:28:40

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-862 Openproject MEDIUM Openproject 2026

Referanslar

https://github.com/opf/openproject/releases/tag/v17.0.2 https://github.com/opf/openproject/security/advisories/GHSA-fq66-cwg6-qq69

Benzer Kayıtlar

Critical

CVE-2026-32698

OpenProject is an open-source, web-based project management software. Versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2…

Critical

CVE-2026-32703

OpenProject is an open-source, web-based project management software. In versions prior to 16.6.9, 17.0.6, 17.1.3, and 1…

Low

CVE-2026-31974

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint (P…

Medium

CVE-2026-30235

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to…

Medium

CVE-2026-30236

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and…

Medium

CVE-2026-30239

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the wor…