| Title | Wekan <8.21 Missing authorization checks leading to information disclosure a |
|---|---|
| Description | Position-history tracking server methods did not consistently require authentication and board visibility checks. The fix enforces that the caller is logged in and verifies the user has access to the relevant board before proceeding with swimlane/list/card position-history operations. |
| Source | https://github.com/wekan/wekan/commit/55576ec17722db094835470b386162c9a662fb60 |
| User | MegaManSec (UID 94702) |
| Submission | 20/01/2026 12:52 PM (5 months ago) |
| Moderation | 04/02/2026 03:46 PM (15 days later) |
| Status | Accepted |
| VulDB Entry | 344269 [WeKan up to 8.20 Position-History Tracking positionHistory.js PositionHistoryBleed privilege escalation] |
| Points | 17 |