| Titel | Wekan <8.21 Missing authorization checks leading to information disclosure a |
|---|
| Beschreibung | Position-history tracking server methods did not consistently require authentication and board visibility checks. The fix enforces that the caller is logged in and verifies the user has access to the relevant board before proceeding with swimlane/list/card position-history operations. |
|---|
| Quelle | ⚠️ https://github.com/wekan/wekan/commit/55576ec17722db094835470b386162c9a662fb60 |
|---|
| Benutzer | MegaManSec (UID 94702) |
|---|
| Einreichung | 20.01.2026 12:52 (vor 5 Monaten) |
|---|
| Moderieren | 04.02.2026 15:46 (15 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 344269 [WeKan bis 8.20 Position-History Tracking positionHistory.js PositionHistoryBleed erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|