إرسال #752163: Wekan <8.21 Information disclosure via insufficient authorization filteringالمعلومات

عنوانWekan <8.21 Information disclosure via insufficient authorization filtering
الوصفActivity publication logic for linked boards did not sufficiently restrict returned activities to only boards visible to the requesting user. The fix filters linked board IDs by visibility checks and ensures the requesting user has access before returning activity data.
المصدر⚠️ https://github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9503
المستخدم
 MegaManSec (UID 94702)
ارسال04/02/2026 05:58 PM (3 أشهر منذ)
الاعتدال08/02/2026 02:06 AM (3 days later)
الحالةتمت الموافقة
إدخال VulDB344921 [WeKan حتى 8.20 Activity Publication activities.js LinkedBoardActivitiesBleed الكشف عن المعلومات]
النقاط17

التالي نظرة عامة السابق

Might our Artificial Intelligence support you?

Check our Alexa App!