Enviar #752270: Wekan <8.20 Improper Access Control / business logic bypassinformación

TítuloWekan <8.20 Improper Access Control / business logic bypass
DescripciónWhen the instance setting "allowPrivateOnly" was enabled, users could still create public boards due to insufficient enforcement at insert time. The fix replaces the permissive insert allow rule with a function that rejects public boards when the private-only flag is enabled.
Fuente⚠️ https://github.com/wekan/wekan/commit/7ed76c180ede46ab1dac6b8ad27e9128a272c2c8
Usuario
 MegaManSec (UID 94702)
Sumisión2026-02-04 18:33 (hace 3 meses)
Moderación2026-02-08 02:11 (3 days later)
EstadoDuplicado
Entrada de VulDB344910 [WeKan hasta 8.18 models/boards.js escalada de privilegios]
Puntos0

AnteriorVisión De ConjuntoPróximo

Interested in the pricing of exploits?

See the underground prices here!