Submit #752163: Wekan <8.21 Information disclosure via insufficient authorization filtering

Title: Wekan <8.21 Information disclosure via insufficient authorization filtering
Description: Activity publication logic for linked boards did not sufficiently restrict returned activities to only boards visible to the requesting user. The fix filters linked board IDs by visibility checks and ensures the requesting user has access before returning activity data.
Source: https://github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9503
User: MegaManSec (UID 94702)
Submission: 04.02.2026 17:58 (3 months ago)
Moderation: 08.02.2026 02:06 (3 days later)
Status: Accepted
VulDB entry: 344921 [WeKan up to 8.20 Activity Publication activities.js LinkedBoardActivitiesBleed Information Disclosure]
Points: 17