← Back to CVE List

CVE-2017-11667

Published: 2017-07-26T20:29Z
Last Modified: 2024-11-21T03:08Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt