提出 #752163: Wekan <8.21 Information disclosure via insufficient authorization filtering情報

タイトルWekan <8.21 Information disclosure via insufficient authorization filtering
説明Activity publication logic for linked boards did not sufficiently restrict returned activities to only boards visible to the requesting user. The fix filters linked board IDs by visibility checks and ensures the requesting user has access before returning activity data.
ソース⚠️ https://github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9503
ユーザー
 MegaManSec (UID 94702)
送信2026年02月04日 17:58 (3 月 ago)
モデレーション2026年02月08日 02:06 (3 days later)
ステータス承諾済み
VulDBエントリ344921 [WeKan 迄 8.20 Activity Publication activities.js LinkedBoardActivitiesBleed 情報漏えい]
ポイント17

概要

Might our Artificial Intelligence support you?

Check our Alexa App!