| Title | Wekan <8.21 Improper access control on administrative migration methods (CWE |
|---|---|
| Description | Migration-related operations (including URL fixups) lacked sufficient authorization checks and accepted parameters that expanded scope. The fix removes the boardId parameter from some migration steps (making them global), and adds explicit authorization requiring board admin or instance admin for board-scoped migration execution, and admin checks for migration invocation. |
| Source | https://github.com/wekan/wekan/commit/cc35dafef57ef6e44a514a523f9a8d891e74ad8f |
| User | MegaManSec (UID 94702) |
| Submission | 2026-01-20 12:52 PM (5 months ago) |
| Moderation | 2026-02-04 03:46 PM (15 days later) |
| Status | Accepted |
| VulDB entry | 344268 [WeKan up to 8.20 Migration Operation comprehensiveBoardMigration.js ComprehensiveBoardMigration boardId MigrationBleed privilege escalation] |
| Points | 19 |