| Title | Wekan <8.21 Authorization bypass (CWE-284) |
|---|---|
| Description | WIP limit related operations did not consistently enforce that only authorized users (typically and normally board admins) could change list WIP settings, allowing authentication bypasses for Wekan WIP. The fix adds explicit authorization checks to ensure only permitted users can modify WIP limits. |
| Source | https://github.com/wekan/wekan/commit/8c0b4f79d8582932528ec2fdf2a4487c86770fb9 |
| User | MegaManSec (UID 94702) |
| Submission | 2026-01-20 12:58 PM (5 months ago) |
| Moderation | 2026-02-05 11:52 AM (16 days later) |
| Status | Duplicate |
| VulDB entry | 344267 [WeKan up to 8.20 Attachment Storage models/lists.js applyWipLimit ListWIPBleed privilege escalation] |
| Points | 0 |