5 matches found
CVE-2026-24776 OpenProject has an IDOR on MeetingAgendaItems allows cross-project meeting agenda item transfer
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...
CVE-2026-24776
OpenProject prior to 17.0.2 vulnerable to a logic flaw in the drag-and-drop handler for agenda items. The target meeting section was not validated to belong to the same meeting (or backlog in recurring meetings), enabling an attacker to move an agenda item to a different meeting, causing confusio...
CVE-2026-24776
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...
CVE-2026-24776 OpenProject has an IDOR on MeetingAgendaItems allows cross-project meeting agenda item transfer
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...
CVE-2026-24776 OpenProject has an IDOR on MeetingAgendaItems allows cross-project meeting agenda item transfer
OpenProject is an open-source, web-based project management software. Prior to 17.0.2, the drag&drop handler moving an agenda item to a different section was not properly checking if the target meeting section is part of the same meeting or is the backlog, in case of recurring meetings. This...