| 제목 | Wekan <8.20 Improper Access Control / business logic bypass |
|---|
| 설명 | When the instance setting "allowPrivateOnly" was enabled, users could still create public boards due to insufficient enforcement at insert time. The fix replaces the permissive insert allow rule with a function that rejects public boards when the private-only flag is enabled. |
|---|
| 원천 | ⚠️ https://github.com/wekan/wekan/commit/7ed76c180ede46ab1dac6b8ad27e9128a272c2c8 |
|---|
| 사용자 | MegaManSec (UID 94702) |
|---|
| 제출 | 2026. 02. 04. PM 06:33 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 08. AM 02:11 (3 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 344910 [WeKan 까지 8.18 models/boards.js 권한 상승] |
|---|
| 포인트들 | 0 |
|---|