Soumettre #752162: Wekan <8.21 Improper access control on administrative repair methodinformation

TitreWekan <8.21 Improper access control on administrative repair method
DescriptionA server method intended to fix duplicate lists/swimlanes (repair workflow) did not enforce instance-admin authorization. This allowed non-admins to execute admin-only workflows. The fix requires the caller to be an instance admin before the repair operation can run.
La source⚠️ https://github.com/wekan/wekan/commit/4ce181d17249778094f73d21515f7f863f554743
Utilisateur
 MegaManSec (UID 94702)
Soumission04/02/2026 17:57 (il y a 3 mois)
Modérer08/02/2026 02:06 (3 days later)
StatutAccepté
Entrée VulDB344920 [WeKan jusqu’à 8.20 Administrative Repair fixDuplicateLists.js FixDuplicateBleed élévation de privilèges]
Points17

PrécédentAperçuSuivant

Want to stay up to date on a daily basis?

Enable the mail alert feature now!