Описание
WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.
Уязвимые конфигурации
EPSS
5.4 Medium
CVSS3
Дефекты
Связанные уязвимости
WeKan versions prior to 8.19 contain an authorization vulnerability in ...
WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.
EPSS
5.4 Medium
CVSS3