漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks
Vulnerability Description
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
OPF OpenProject 信息泄露漏洞
Vulnerability Description
opf openproject是opf的项目管理软件。 OPF OpenProject 17.3.3之前版本和17.4.0版本至17.4.1之前版本存在安全漏洞,该漏洞源于journal diff端点未强制对象和字段可见性,可能泄露隐藏的历史字段值。
CVSS Information
N/A
Vulnerability Type
N/A