Количество 3
Количество 3
CVE-2026-25567
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier.
CVE-2026-25567
WeKan versions prior to 8.19 contain an insecure direct object referen ...
GHSA-9w3f-qqh3-w7fc
WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-25567 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier. | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
| CVE-2026-25567 WeKan versions prior to 8.19 contain an insecure direct object referen ... | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
| GHSA-9w3f-qqh3-w7fc WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying another user's identifier. | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
Уязвимостей на страницу