← Volver a CVEs
CVE-2026-22605
MEDIUM4.3
Descripcion
OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetings permission on any project, to access meeting details of meetings that belonged to projects, the user does not have access to. This issue has been patched in version 16.6.3.
Detalles CVE
Puntuacion CVSS v3.14.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/10/2026
Ultima modificacion1/14/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
openproject:openproject
Debilidades (CWE)
CWE-284
Referencias
https://github.com/opf/openproject/releases/tag/v16.6.3(security-advisories@github.com)
https://github.com/opf/openproject/security/advisories/GHSA-fq4m-pxvm-8x2j(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.