Today we will talk about a session management vulnerability affects OpenProject with all its version before 6.1.6 (old Stable) and 7.0.3 (latest stable) and may lead to accounts compromise and perform unauthorized actions via physical access to the logged in user session. but first lets know some general info.
First what is OpenProject?
OpenProject is a web-based project management system for location-independent team collaboration. This open source application is released under the GNU General Public License Version 3 and is continuously developed by an active open source community.
In addition to numerous smaller OpenProject installations there are also some very large installations in global organizations with more than 2,500 projects.