This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: OpenProject has an **Information Disclosure** flaw. The PDF export feature allows **Local File Read** via malicious SVG uploads. …
**Affected**: Users of **OpenProject**. **Versions**: All versions **prior to 16.6.4**. **Component**: The web-based project management tool, specifically the **Work Package PDF Export** functionality.
Q4. What can hackers do? (Privileges/Data)
**Hackers' Power**: Can read **Arbitrary Local Files** on the server. **Privileges**: Requires **Low Privilege** (PR:L) access. …
**Public Exp?**: **No**. The `pocs` field is empty. **Status**: Only vendor advisories and release notes are linked. No public Proof-of-Concept (PoC) or in-the-wild exploitation scripts are currently available in the data.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: Look for the **PDF Export** feature in Work Packages. **Test**: Try uploading a crafted SVG file (only in a safe test environment) and check whether the export triggers file reads. …
**Fixed?**: **Yes**. **Patch**: Version **16.6.4** resolves this issue. **Reference**: See the GitHub Security Advisory (GHSA-m8f2-cwpq-vvhh) and the v16.6.4 release notes for official confirmation.
Q9. What if no patch? (Workaround)
**No Patch?**: **Workaround**: Disable or restrict the **PDF Export** feature for work packages. **Mitigation**: Limit access to the export function to trusted admins only. …
**Urgency**: **High Priority**. **Why**: Remote exploitability + Low Auth requirement + High Data Loss risk. **Action**: Upgrade to **v16.6.4** immediately if you are running an older version. Do not ignore this!