| Название | Wekan <8.20 IDOR in setCreateTranslation. Non-admin could change Custom Tran |
|---|
| Описание | Non-admin users could delete or modify custom translations by invoking translation operations without an admin check. The fix routes deletion through a server method and adds explicit admin authorization checks for translation modification paths. |
|---|
| Источник | ⚠️ https://github.com/wekan/wekan/commit/f244a43771f6ebf40218b83b9f46dba6b940d7de |
|---|
| Пользователь | MegaManSec (UID 94702) |
|---|
| Представление | 04.02.2026 18:32 (3 месяцы назад) |
|---|
| Модерация | 08.02.2026 02:14 (3 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 344923 [WeKan до 8.18 Custom Translation translationBody.js setCreateTranslation эскалация привилегий] |
|---|
| Баллы | 16 |
|---|