Enviar #742671: Wekan <8.21 Missing authorization checks leading to information disclosure ainformación

TítuloWekan <8.21 Missing authorization checks leading to information disclosure a
DescripciónPosition-history tracking server methods did not consistently require authentication and board visibility checks. The fix enforces that the caller is logged in and verifies the user has access to the relevant board before proceeding with swimlane/list/card position-history operations.
Fuente⚠️ https://github.com/wekan/wekan/commit/55576ec17722db094835470b386162c9a662fb60
Usuario
 MegaManSec (UID 94702)
Sumisión2026-01-20 12:52 (hace 5 meses)
Moderación2026-02-04 15:46 (15 days later)
EstadoAceptado
Entrada de VulDB344269 [WeKan hasta 8.20 Position-History Tracking positionHistory.js PositionHistoryBleed escalada de privilegios]
Puntos17

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!