| शीर्षक | Wekan <8.20 IDOR in setCreateTranslation. Non-admin could change Custom Tran |
|---|
| विवरण | Non-admin users could delete or modify custom translations by invoking translation operations without an admin check. The fix routes deletion through a server method and adds explicit admin authorization checks for translation modification paths. |
|---|
| स्रोत | ⚠️ https://github.com/wekan/wekan/commit/f244a43771f6ebf40218b83b9f46dba6b940d7de |
|---|
| उपयोगकर्ता | MegaManSec (UID 94702) |
|---|
| सबमिशन | 04/02/2026 06:32 PM (3 महीनों पहले) |
|---|
| संयम | 08/02/2026 02:14 AM (3 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 344923 [WeKan तक 8.18 Custom Translation translationBody.js setCreateTranslation अधिकार वृद्धि] |
|---|
| अंक | 16 |
|---|