2 matches found
CVE-2026-44735
OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...
CVE-2026-44736
OpenProject vulnerability CVE-2026-44736 affects the OpenProject web-based project management platform. The flaw exists in the GET /api/v3/relations endpoint prior to version 17.4.0, allowing any authenticated user to retrieve relations and the titles of work packages they should not have permiss...