| Titel | Wekan <8.21 Authorization bypass (CWE-284) |
|---|
| Beschreibung | WIP limit related operations did not consistently enforce that only authorized users (typically and normally board admins) could change list WIP settings, allowing authentication bypasses for Wekan WIP. The fix adds explicit authorization checks to ensure only permitted users can modify WIP limits.
|
|---|
| Quelle | ⚠️ https://github.com/wekan/wekan/commit/8c0b4f79d8582932528ec2fdf2a4487c86770fb9 |
|---|
| Benutzer | MegaManSec (UID 94702) |
|---|
| Einreichung | 20.01.2026 12:58 (vor 5 Monaten) |
|---|
| Moderieren | 05.02.2026 11:52 (16 days later) |
|---|
| Status | Duplikat |
|---|
| VulDB Eintrag | 344267 [WeKan bis 8.20 Attachment Storage models/lists.js applyWipLimit ListWIPBleed erweiterte Rechte] |
|---|
| Punkte | 0 |
|---|