Отправить #752163: Wekan <8.21 Information disclosure via insufficient authorization filteringИнформация

НазваниеWekan <8.21 Information disclosure via insufficient authorization filtering
ОписаниеActivity publication logic for linked boards did not sufficiently restrict returned activities to only boards visible to the requesting user. The fix filters linked board IDs by visibility checks and ensures the requesting user has access before returning activity data.
Источник⚠️ https://github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9503
Пользователь
 MegaManSec (UID 94702)
Представление04.02.2026 17:58 (3 месяцы назад)
Модерация08.02.2026 02:06 (3 days later)
Статуспринято
Запись VulDB344921 [WeKan до 8.20 Activity Publication activities.js LinkedBoardActivitiesBleed раскрытие информации]
Баллы17

ПредыдущийОбзорДалее

Do you want to use VulDB in your project?

Use the official API to access entries easily!