2 matches found
CVE-2026-44731 OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via "invited_user_id" in GET parameter "filters" leads to user names disclosure
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...
CVE-2026-44731
OpenProject contains an input leakage in the web application’s meetings filter feature that lets an attacker determine whether a user ID is valid and view the user’s full name, enabling enumeration of existing accounts. The issue occurs before versions 17.3.2 and 17.4.0 and is resolved by upgradi...