| Title | Wekan <8.21 Improper access control on administrative migration methods (CWE |
|---|---|
| Description | Migration-related operations (including URL fixups) lacked sufficient authorization checks and accepted parameters that expanded scope. The fix removes the boardId parameter from some migration steps (making them global), and adds explicit authorization requiring board admin or instance admin for board-scoped migration execution, and admin checks for migration invocation. |
| Source | https://github.com/wekan/wekan/commit/cc35dafef57ef6e44a514a523f9a8d891e74ad8f |
| User | MegaManSec (UID 94702) |
| Submission | 20/01/2026 12:52 PM (5 months ago) |
| Moderation | 04/02/2026 03:46 PM (15 days later) |
| Status | Accepted |
| VulDB Entry | 344268 [WeKan up to 8.20 Migration Operation comprehensiveBoardMigration.js ComprehensiveBoardMigration boardId MigrationBleed privilege escalation] |
| Points | 19 |