Описание
WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.
EPSS
Процентиль: 11%
0.00036
Низкий
Дефекты
CWE-863
Связанные уязвимости
debian
2 дня назад
WeKan versions prior to 8.19 contain an authorization vulnerability in ...
github
2 дня назад
WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.
EPSS
Процентиль: 11%
0.00036
Низкий
Дефекты
CWE-863