Rodolphe Ghio

**Name of the Vulnerable Software and Affected Versions** WeKan versions prior to 8.35 **Description** Insufficient authorization checks in the JsonRoutes REST handlers of the Integration REST API endpoints allow authenticated board members to perform administrative actions without proper privilege verification. This allows for the enumeration of integrations, including webhook URLs, as well as the creation, modification, or deletion of integrations and the management of integration activities. **Recommendations** Update to version 8.35 or later.

**Name of the Vulnerable Software and Affected Versions** WeKan versions prior to 8.35 **Description** An issue exists in webhook integration URL handling where the `url schema` field accepts any string without protocol restriction or destination validation. This allows users with permissions to create or modify integrations to set webhook URLs to internal network addresses. Consequently, the server may issue HTTP POST requests to internal targets with full board event payloads. Additionally, the response handling can be exploited to overwrite arbitrary comment text without authorization checks. Server-side request forgery is a flaw that allows an attacker to induce the server-side application to make requests to an unintended location. **Recommendations** Update to version 8.35 or later.