CVE-2017-11667

Published July 26th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session.

opf/openproject

OpenProject is the leading open source project management software.

GitHub

15.3K