2 matches found
OpenProject < 12.5.4 - Project Identifiers Exposure
OpenProject versions before 12.5.6 generate a publicly accessible robots.txt file revealing project identifiers, even if the instance is set to 'Login required', letting attackers gather project info, exploit requires no authentication. id: CVE-2023-33960 info: name: OpenProject 12.5.4 - Project...
CVE-2023-33960
CVE-2023-33960 – OpenProject robots.txt exposure : OpenProject versions prior to 12.5.6 generate a publicly accessible robots.txt that lists identifiers for all public projects, even if the instance is set to login-restricted. This constitutes an information-disclosure vulnerability (no authentic...