CVE-2026-52783 OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others "storage.<id>.httpx_access_token" leads to Sensitive Data Exposure
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth accesstoken plaintext to Rails.cache under the deterministic key storage..httpxaccesstoken, repopulated continuously by an...