What is CVE-2023-33960?

CVE-2023-33960 is a high-severity vulnerability in Opf Openproject, classified under Information Disclosure. CVSS score: 7.5/10. Published 2023-06-01.

How severe is CVE-2023-33960?

High severity. CVSS v3 base score is 7.5 out of 10.

Information disclosure in Opf Openproject

CVE-2023-33960

OpenProject is web-based project management software. For any OpenProject installation, a `robots.txt` file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project ide…

Vulnerability class: Information Disclosure

EPSS: 0.365 (97.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Opf Openproject — versions < 12.5.6

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/opf/openproject/security/advisories/GHSA-xjfc-fqm3-95q8 (x_refsource_CONFIRM)
https://github.com/opf/openproject/pull/12708 (x_refsource_MISC)
https://community.openproject.org/wp/48324 (x_refsource_MISC)
https://github.com/opf/openproject/releases/tag/v12.5.6 (x_refsource_MISC)
https://patch-diff.githubusercontent.com/raw/opf/openproject/pull/12708.patch (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-33960?: CVE-2023-33960 is a high-severity vulnerability in Opf Openproject, classified under Information Disclosure. CVSS score: 7.5/10. Published 2023-06-01.
How severe is CVE-2023-33960?: High severity. CVSS v3 base score is 7.5 out of 10.