提交 #752163: Wekan <8.21 Information disclosure via insufficient authorization filtering信息

标题Wekan <8.21 Information disclosure via insufficient authorization filtering
描述Activity publication logic for linked boards did not sufficiently restrict returned activities to only boards visible to the requesting user. The fix filters linked board IDs by visibility checks and ensures the requesting user has access before returning activity data.
来源⚠️ https://github.com/wekan/wekan/commit/91a936e07d2976d4246dfe834281c3aaa87f9503
用户
 MegaManSec (UID 94702)
提交2026-02-04 17時58分 (3 月前)
管理2026-02-08 02時06分 (3 days later)
状态已接受
VulDB条目344921 [WeKan 直到 8.20 Activity Publication activities.js LinkedBoardActivitiesBleed 信息公开]
积分17

上一步一览下一步

Do you need the next level of professionalism?

Upgrade your account now!