Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.5 views

CVE-2026-30239

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...

7.1CVSS5.8AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/03/11 5:16 p.m.6 views

CVE-2026-30239

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...

7.1CVSS0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 4:27 p.m.5 views

EUVD-2026-11237

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...

6.5CVSS5.8AI score0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 4:27 p.m.29 views

CVE-2026-30239 OpenProject has a Permission Check bypass on Budget deletion allows reassignment of WorkPackages into other budgets

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...

6.5CVSS0.0019EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 4:27 p.m.2 views

CVE-2026-30239

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...

6.5CVSS5.8AI score0.0019EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/11 4:27 p.m.12 views

CVE-2026-30239

OpenProject has a permission check bypass vulnerability in budget deletion prior to version 17.2.0. When budgets were deleted, all work packages assigned to the deleted budget could be reassigned or cleared because the check on the delete action executed after the reassignment operation, allowing...

7.1CVSS5.8AI score0.0019EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/11 4:27 p.m.5 views

CVE-2026-30239 OpenProject has a Permission Check bypass on Budget deletion allows reassignment of WorkPackages into other budgets

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...

6.5CVSS5.8AI score0.0019EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.9 views

OpenProject 安全漏洞

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had security vulnerabilities. These vulnerabilities stemmed from a flaw where, when deleting budgets, the work packages assigned to those budgets were moved before the permission checks...

7.1CVSS5.8AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder