{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T18:49:37.595","vulnerabilities":[{"cve":{"id":"CVE-2026-24777","sourceIdentifier":"security-advisories@github.com","published":"2026-02-09T19:15:50.200","lastModified":"2026-02-11T18:28:40.220","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for users of the application, but they were not supposed to be able to lock application administrators. Due to a missing permission check this logic was not enforced. The problem was fixed in OpenProject 17.0.2."},{"lang":"es","value":"OpenProject es un software de gestión de proyectos de código abierto y basado en la web. Antes de la versión 17.0.2, los usuarios con el permiso Gestionar Usuarios podían bloquear y desbloquear usuarios. Esta funcionalidad solo debería ser posible para los usuarios de la aplicación, pero no se suponía que pudieran bloquear a los administradores de la aplicación. Debido a una comprobación de permisos faltante, esta lógica no se aplicó. \nEl problema se solucionó en OpenProject 17.0.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openproject:openproject:*:*:*:*:*:*:*:*","versionEndExcluding":"17.0.2","matchCriteriaId":"3FA4C106-EEE3-4582-BE10-010975AE359B"}]}]}],"references":[{"url":"https://github.com/opf/openproject/releases/tag/v17.0.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/opf/openproject/security/advisories/GHSA-fq66-cwg6-qq69","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}