Session Hijacking Vulnerability in OpenProject
CVE-2017-11667 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session.
Learn more about our Api Penetration Testing.