PT-2026-6931 · Wekan · Wekan

Joshua Rogers · Published 2026-02-07 · Updated 2026-02-10

CVE-2026-25568

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

WeKan versions prior to 8.19

Description

An authorization issue exists in WeKan where the allowPrivateOnly instance configuration setting is not fully enforced during board creation. When allowPrivateOnly is enabled, users are still able to create public boards because of incomplete server-side checks. The vulnerability relates to insufficient enforcement of access controls during board creation, potentially allowing unauthorized access to board content.

Recommendations

Update WeKan to version 8.19 or later.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-25568

Affected Products

Wekan