Horizon Alert
Summary of the vulnerability and why it matters
This advisory highlights a critical vulnerability in OpenProject, a web-based project management system. The issue allows a project administrator to gain unauthorized access to another project's managed cloud storage folders, potentially exposing or modifying sensitive project data.
- Project admin can access another project's cloud storage.
- Matters for data control and potential unauthorized access.
- Confirm if OpenProject is in use and assess exposure.
Attack Path
How an attacker could exploit the issue
An attacker with project-admin privileges in one OpenProject project can gain unauthorized access to another project's managed cloud storage. By manipulating a specific parameter, the attacker can associate their project with another project's cloud storage folder. This action overwrites the access controls for that folder, allowing the attacker's project members to access files that should have been restricted.
- Requires project administrator access.
- Manipulates project storage settings.
- Leads to unauthorized resource access.
Live Threat
Current exploitation, exposure, and threat context
An authenticated project administrator could gain unauthorized access to another project's managed cloud storage folders. This occurs when a project admin manipulates project storage settings to associate their project with another project's folder. When the system synchronizes managed folders, it could overwrite access controls, exposing the victim project's folder to the attacker's project's user list.
- Unauthorized access to project storage folders.
- IDOR vulnerability in project storage settings.
- Compromised access controls for cloud storage.
Operational Fix
Recommended remediation, mitigation, and detection steps
This vulnerability impacts OpenProject deployments that manage external storage like Nextcloud or OneDrive. The first step is to identify all instances of OpenProject, determine which are exposed externally, confirm their criticality, and identify the accountable system or application owner. Remediation planning should then be prioritized based on this risk assessment.
- Application owners should manage the issue.
- Verify external storage integration reachability.
- Plan coordinated storage folder remediation.