| 제목 | Wekan <8.21 Missing authorization checks leading to information disclosure a |
|---|
| 설명 | Position-history tracking server methods did not consistently require authentication and board visibility checks. The fix enforces that the caller is logged in and verifies the user has access to the relevant board before proceeding with swimlane/list/card position-history operations. |
|---|
| 원천 | ⚠️ https://github.com/wekan/wekan/commit/55576ec17722db094835470b386162c9a662fb60 |
|---|
| 사용자 | MegaManSec (UID 94702) |
|---|
| 제출 | 2026. 01. 20. PM 12:52 (5 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 04. PM 03:46 (15 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 344269 [WeKan 까지 8.20 Position-History Tracking positionHistory.js PositionHistoryBleed 권한 상승] |
|---|
| 포인트들 | 17 |
|---|