Submeter #742666: Wekan <8.21 Improper access control (CWE-284)informação

TítuloWekan <8.21 Improper access control (CWE-284)
DescriçãoMethods involved in moving or validating attachment storage did not consistently enforce board visibility or required privileges for the referenced board/attachments, which could enable unauthorized operations on attachment storage workflows. The fix adds authorization/visibility checks before proceeding and tightens validation.
Fonte⚠️ https://github.com/wekan/wekan/commit/8c0b4f79d8582932528ec2fdf2a4487c86770fb9
Utilizador
 MegaManSec (UID 94702)
Submissão20/01/2026 12h41 (há 5 meses)
Moderação04/02/2026 15h46 (15 days later)
EstadoAceite
Entrada VulDB344267 [WeKan até 8.20 Attachment Storage models/lists.js applyWipLimit ListWIPBleed Elevação de Privilégios]
Pontos18

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!