| Título | Wekan <8.21 Authorization bypass (CWE-284) |
|---|
| Descrição | WIP limit related operations did not consistently enforce that only authorized users (typically and normally board admins) could change list WIP settings, allowing authentication bypasses for Wekan WIP. The fix adds explicit authorization checks to ensure only permitted users can modify WIP limits.
|
|---|
| Fonte | ⚠️ https://github.com/wekan/wekan/commit/8c0b4f79d8582932528ec2fdf2a4487c86770fb9 |
|---|
| Utilizador | MegaManSec (UID 94702) |
|---|
| Submissão | 20/01/2026 12h58 (há 5 meses) |
|---|
| Moderação | 05/02/2026 11h52 (16 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada VulDB | 344267 [WeKan até 8.20 Attachment Storage models/lists.js applyWipLimit ListWIPBleed Elevação de Privilégios] |
|---|
| Pontos | 0 |
|---|