| 제목 | Wekan <8.21 Information disclosure via insufficient authorization filtering |
|---|
| 설명 | Activity publication logic for linked boards did not sufficiently restrict returned activities to only boards visible to the requesting user. The fix filters linked board IDs by visibility checks and ensures the requesting user has access before returning activity data. |
|---|
| 원천 | ⚠️ https://github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9503 |
|---|
| 사용자 | MegaManSec (UID 94702) |
|---|
| 제출 | 2026. 02. 04. PM 05:58 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 08. AM 02:06 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 344921 [WeKan 까지 8.20 Activity Publication activities.js LinkedBoardActivitiesBleed 정보 공개] |
|---|
| 포인트들 | 17 |
|---|