漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
WeKan < 8.19 Cross-board Card Move Without Destination Authorization
Vulnerability Description
WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially enabling unauthorized cross-board moves.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
WeKan 安全漏洞
Vulnerability Description
WeKan是WeKan开源的一个看板应用程序。 WeKan 8.19之前版本存在安全漏洞,该漏洞源于卡片移动逻辑中,用户可在未对目标进行充分授权检查且未验证目标对象属于目标看板的情况下指定目标看板、列表或泳道,可能导致未经授权的跨看板移动。
CVSS Information
N/A
Vulnerability Type
N/A