| Title | Wekan <8.21 Authorization bypass (CWE-284) |
|---|---|
| Description | WIP limit related operations did not consistently enforce that only authorized users (typically and normally board admins) could change list WIP settings, allowing authentication bypasses for Wekan WIP. The fix adds explicit authorization checks to ensure only permitted users can modify WIP limits. |
| Source | ⚠️ https://github.com/wekan/wekan/commit/8c0b4f79d8582932528ec2fdf2a4487c86770fb9 |
| User | MegaManSec (UID 94702) |
| Submission | 20/01/2026 12:58 PM (5 months ago) |
| Moderation | 05/02/2026 11:52 AM (16 days later) |
| Status | Duplicate |
| VulDB entry | 344267 [WeKan up to 8.20 Attachment Storage models/lists.js applyWipLimit ListWIPBleed privilege escalation] |
| Points | 0 |