| Título | Wekan <8.21 Information disclosure via insufficient authorization filtering |
|---|
| Descripción | Activity publication logic for linked boards did not sufficiently restrict returned activities to only boards visible to the requesting user. The fix filters linked board IDs by visibility checks and ensures the requesting user has access before returning activity data. |
|---|
| Fuente | ⚠️ https://github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9503 |
|---|
| Usuario | MegaManSec (UID 94702) |
|---|
| Sumisión | 2026-02-04 17:58 (hace 3 meses) |
|---|
| Moderación | 2026-02-08 02:06 (3 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 344921 [WeKan hasta 8.20 Activity Publication activities.js LinkedBoardActivitiesBleed divulgación de información] |
|---|
| Puntos | 17 |
|---|