PT-2026-6075 · Wekan · Wekan
Megamansec
·
Publicado
2026-02-04
·
Atualizado
2026-02-05
·
CVE-2026-1896
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WeKan versions prior to 8.21
Description
A flaw exists in WeKan that allows for improper access controls. This is due to the manipulation of the
boardId argument within the ComprehensiveBoardMigration function located in the file server/migrations/comprehensiveBoardMigration.js of the Migration Operation Handler component. The issue is potentially exploitable remotely.Recommendations
Upgrade to version 8.21 or later to address this issue.
Correção
Improper Access Control
Incorrect Privilege Assignment
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Wekan