漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
WeKan < 8.19 Attachments Publication Information Disclosure
Vulnerability Description
WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing attachment metadata to unauthorized users.
CVSS Information
N/A
Vulnerability Type
通过差异性导致的信息暴露
Vulnerability Title
WeKan 安全漏洞
Vulnerability Description
WeKan是WeKan开源的一个看板应用程序。 WeKan 8.19之前版本存在安全漏洞,该漏洞源于附件发布中,附件元数据返回时未将结果正确限定在请求用户可访问的看板和卡片范围内,可能导致附件元数据泄露给未授权用户。
CVSS Information
N/A
Vulnerability Type
N/A