8 matches found
CVE-2026-30239
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...
CVE-2026-30239
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...
EUVD-2026-11237
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...
CVE-2026-30239 OpenProject has a Permission Check bypass on Budget deletion allows reassignment of WorkPackages into other budgets
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...
CVE-2026-30239
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...
CVE-2026-30239
OpenProject has a permission check bypass vulnerability in budget deletion prior to version 17.2.0. When budgets were deleted, all work packages assigned to the deleted budget could be reassigned or cleared because the check on the delete action executed after the reassignment operation, allowing...
CVE-2026-30239 OpenProject has a Permission Check bypass on Budget deletion allows reassignment of WorkPackages into other budgets
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different budget. This action was performed before the permission check on the delete action was executed. Thi...
OpenProject 安全漏洞
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had security vulnerabilities. These vulnerabilities stemmed from a flaw where, when deleting budgets, the work packages assigned to those budgets were moved before the permission checks...