Lucene search
+L

4 matches found

CVE
CVE
added 2026/06/26 7:1 p.m.25 views

CVE-2026-47193

OpenProject (open-source web-based project management) contains a vulnerability in the journal diff endpoint that discloses hidden historical field values due to lack of object/field visibility enforcement. The issue is fixed in versions 17.3.3 and 17.4.1. Affected component: journal diff endpoin...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:1 p.m.7 views

CVE-2026-47193

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1...

7.5CVSS5.8AI score0.00252EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/26 7:1 p.m.4 views

CVE-2026-47193 OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1...

7.5CVSS5.9AI score0.00252EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:1 p.m.31 views

CVE-2026-47193 OpenProject: Journal diff endpoint bypasses object, journal, and field visibility checks

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the journal diff endpoint discloses hidden historical field values without enforcing object and field visibility. This vulnerability is fixed in 17.3.3 and 17.4.1...

7.5CVSS0.00252EPSS
Exploits0References1
Rows per page
Query Builder