Session Hijacking Vulnerability in OpenProject

CVE-2017-11667 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session.

Learn more about our Api Penetration Testing.