Description

OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetings permission on any project, to access meeting details of meetings that belonged to projects, the user does not have access to. This issue has been patched in version 16.6.3.

Related CPE's

a

openproject

openproject

Vulnerable

References

https://github.com/opf/openproject/releases/tag/v16.6.3

Release Notes

https://github.com/opf/openproject/security/advisories/GHSA-fq4m-pxvm-8x2j

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-284

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-10T02:15:49.487Z

5 days ago

Last modified

2026-01-14T22:27:55.377Z

5 hours ago