| Título | Wekan <8.21 Information disclosure via insufficient authorization filtering |
|---|
| Descrição | Activity publication logic for linked boards did not sufficiently restrict returned activities to only boards visible to the requesting user. The fix filters linked board IDs by visibility checks and ensures the requesting user has access before returning activity data. |
|---|
| Fonte | ⚠️ https://github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9503 |
|---|
| Utilizador | MegaManSec (UID 94702) |
|---|
| Submissão | 04/02/2026 17h58 (há 3 meses) |
|---|
| Moderação | 08/02/2026 02h06 (3 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 344921 [WeKan até 8.20 Activity Publication activities.js LinkedBoardActivitiesBleed Divulgação de Informação] |
|---|
| Pontos | 17 |
|---|